author | David Gibson <david@gibson.dropbear.id.au> | 2024-12-05 15:26:02 +1100 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-12-05 21:08:58 +0100 |
commit | 190829705e315972a7c674d2fa55d322aa18d26e (patch) | |
tree | 439055ab61128eb089fb80c7df885d35353f4cfc | |
parent | 1db4f773e87fc77eae2c4965a6bb90fcb56a0ff3 (diff) | |
flow: Remove over-zealous sanity checks in flow_sidx_hash()

In flow_sidx_hash() we verify that the flow we're hashing doesn't have an
unspecified endpoint address, or zero for either port. The hash table only
works if we're looking for exact matches of address and port, and this is
attempting to catch any cases where we might have left address or port
unpopulated or filled with a wildcard.

This doesn't really work though, because there are cases where unspecified
addresses or zero ports are correct:

* We already use unspecified addresses for our address in cases where we
  don't know the specific local address for that side, and exclude the
  obvious extra check on side->oaddr for that reason.
* Zero port numbers aren't strictly forbidden over the wire. We forbid
  them for TCP & UDP because they can't safely be handled on the socket
  side. However for ICMP a zero id, which goes in the port field, is
  valid.
* Possible future flow types (for example, for multicast protocols) might
  legitimately have an unspecified address.

Although it makes them easier to miss, these sorts of sanity checks really
have to be done at the protocol / flow type layer, and we already do so.
Remove the checks in flow_sidx_hash() other than checking that the pif
is specified.

Reported-by: Stefan <steffhip@gmail.com>
Link: https://bugs.passt.top/show_bug.cgi?id=105
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | flow.c | 7 |
1 files changed, 1 insertions, 6 deletions
@@ -597,12 +597,7 @@ static uint64_t flow_sidx_hash(const struct ctx *c, flow_sidx_t sidx) const struct flowside *side = &f->side[sidx.sidei]; uint8_t pif = f->pif[sidx.sidei]; - /* For the hash table to work, entries must have complete endpoint - * information, and at least a forwarding port. - */ - ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) && - side->eport != 0 && side->oport != 0); - + ASSERT(pif != PIF_NONE); return flow_hash(c, FLOW_PROTO(f), pif, side); } |
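
Review bot: the new `ASSERT(pif != PIF_NONE);` in flow_sidx_hash() is left without any comment, while the removed comment was the only place in this function that stated what the hash table requires of an entry. A one-line comment above the ASSERT would help, saying that an unspecified `side->eaddr` and a zero `side->eport` or `side->oport` can be legitimate here (the commit message gives ICMP ids and unknown local addresses as cases) and that address and port validation belongs to the protocol / flow type layer. That keeps the reasoning next to the code, so a later change does not reintroduce the stricter assertion. Since the commit message itself notes that moving the checks makes them "easier to miss", it would also be worth naming in the message or the comment which protocol-layer checks now carry the TCP and UDP zero-port restriction.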