Now that we store all our endpoints in the flowside structure, use some inany helpers to make validation of those endpoints simpler.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
 inany.h | 1 -
 tcp.c | 69 +++++++++++++--------------------------------------------
 2 files changed, 15 insertions(+), 55 deletions(-)
diff --git a/inany.h b/inany.h
index 407690e..c0228a1 100644
--- a/inany.h
+++ b/inany.h
@@ -123,7 +123,6 @@ static inline bool inany_is_multicast(const union inany_addr *a)
 *
 * Return: true if @a is specified and a unicast address
 */
-/* cppcheck-suppress unusedFunction */
 static inline bool inany_is_unicast(const union inany_addr *a)
 {
 return !inany_is_unspecified(a) && !inany_is_multicast(a);
diff --git a/tcp.c b/tcp.c
index 5ff7480..e669b18 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1954,36 +1954,16 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
 flowside_from_af(tapside, PIF_TAP, af, daddr, dstport, saddr, srcport);
- if (af == AF_INET) {
- if (IN4_IS_ADDR_UNSPECIFIED(saddr) ||
- IN4_IS_ADDR_BROADCAST(saddr) ||
- IN4_IS_ADDR_MULTICAST(saddr) || srcport == 0 ||
- IN4_IS_ADDR_UNSPECIFIED(daddr) ||
- IN4_IS_ADDR_BROADCAST(daddr) ||
- IN4_IS_ADDR_MULTICAST(daddr) || dstport == 0) {
- char sstr[INET_ADDRSTRLEN], dstr[INET_ADDRSTRLEN];
-
- debug("Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu",
- inet_ntop(AF_INET, saddr, sstr, sizeof(sstr)),
- srcport,
- inet_ntop(AF_INET, daddr, dstr, sizeof(dstr)),
- dstport);
- goto cancel;
- }
- } else if (af == AF_INET6) {
- if (IN6_IS_ADDR_UNSPECIFIED(saddr) ||
- IN6_IS_ADDR_MULTICAST(saddr) || srcport == 0 ||
- IN6_IS_ADDR_UNSPECIFIED(daddr) ||
- IN6_IS_ADDR_MULTICAST(daddr) || dstport == 0) {
- char sstr[INET6_ADDRSTRLEN], dstr[INET6_ADDRSTRLEN];
-
- debug("Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu",
- inet_ntop(AF_INET6, saddr, sstr, sizeof(sstr)),
- srcport,
- inet_ntop(AF_INET6, daddr, dstr, sizeof(dstr)),
- dstport);
- goto cancel;
- }
+ if (!inany_is_unicast(&tapside->eaddr) || tapside->eport == 0 ||
+ !inany_is_unicast(&tapside->faddr) || tapside->fport == 0) {
+ char sstr[INANY_ADDRSTRLEN], dstr[INANY_ADDRSTRLEN];
+
+ debug("Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu",
+ inany_ntop(&tapside->eaddr, sstr, sizeof(sstr)),
+ tapside->eport,
+ inany_ntop(&tapside->faddr, dstr, sizeof(dstr)),
+ tapside->fport);
+ goto cancel;
 }
 if ((s = tcp_conn_sock(c, af)) < 0)
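Review bot: The IPv4 broadcast rejection that the removed `IN4_IS_ADDR_BROADCAST()` tests provided is not visibly kept by `inany_is_unicast()`, whose body in the inany.h hunk is only `!inany_is_unspecified(a) && !inany_is_multicast(a)`. Unless one of those two helpers, which are defined outside this patch, already treats an IPv4 broadcast address as non-unicast, a SYN from the tap with a broadcast source or destination now passes this check in tcp_conn_from_tap(), and the same holds for the peer address in the tcp_listen_handler() hunk. If so, either fold the broadcast test into the helper or keep it next to the call, and state in the commit message whether the relaxation is intended; at minimum mark it with `/* FIXME: IPv4 broadcast is no longer rejected here */`. tcp_conn_from_tap() starts and ends outside the hunk.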
@@ -2788,31 +2768,12 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref,
 inany_from_sockaddr(&side0->eaddr, &side0->eport, &sa);
 side0->fport = ref.tcp_listen.port;
- if (sa.sa_family == AF_INET) {
- const struct in_addr *addr = &sa.sa4.sin_addr;
- in_port_t port = sa.sa4.sin_port;
-
- if (IN4_IS_ADDR_UNSPECIFIED(addr) ||
- IN4_IS_ADDR_BROADCAST(addr) ||
- IN4_IS_ADDR_MULTICAST(addr) || port == 0) {
- char str[INET_ADDRSTRLEN];
+ if (!inany_is_unicast(&side0->eaddr) || side0->eport == 0) {
+ char str[INANY_ADDRSTRLEN];
- err("Invalid endpoint from TCP accept(): %s:%hu",
- inet_ntop(AF_INET, addr, str, sizeof(str)), port);
- goto cancel;
- }
- } else if (sa.sa_family == AF_INET6) {
- const struct in6_addr *addr = &sa.sa6.sin6_addr;
- in_port_t port = sa.sa6.sin6_port;
-
- if (IN6_IS_ADDR_UNSPECIFIED(addr) ||
- IN6_IS_ADDR_MULTICAST(addr) || port == 0) {
- char str[INET6_ADDRSTRLEN];
-
- err("Invalid endpoint from TCP accept(): %s:%hu",
- inet_ntop(AF_INET6, addr, str, sizeof(str)), port);
- goto cancel;
- }
+ err("Invalid endpoint from TCP accept(): %s:%hu",
+ inany_ntop(&side0->eaddr, str, sizeof(str)), side0->eport);
+ goto cancel;
 }
 if (tcp_splice_conn_from_sock(c, ref.tcp_listen.port, flow, s))
--
2.44.0
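Review bot: Only the peer side (`side0->eaddr` / `side0->eport`) is validated here, whereas the tap path in this patch checks both `eaddr` and `faddr`. In the visible context `side0->fport` is taken from `ref.tcp_listen.port` and nothing assigns `side0->faddr`. A short comment above the check would stop a later reader from assuming both sides of the flow were vetted, for example `/* Only the peer endpoint comes from accept(); the forwarding address is not validated here */`. tcp_listen_handler() extends beyond this hunk, so if `faddr` is filled in and checked elsewhere the comment should point there instead.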