author | David Gibson <david@gibson.dropbear.id.au> | 2024-02-28 22:25:17 +1100 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-02-29 09:48:17 +0100 |
commit | 3b59b9748aa13a244c173585dfbaf79dfff9ea8f (patch) | |
tree | a5ea84fc3738b0fcf6289c0292da03c00ebcefec /tap.c | |
parent | dc9a5d71e9d0abbcfb115ca20461a94a981a9344 (diff) | |

tcp: Validate TCP endpoint addresses

TCP connections should typically not have wildcard addresses (0.0.0.0
or ::) nor a zero port number for either endpoint. It's not entirely
clear (at least to me) if it's strictly against the RFCs to do so, but
at any rate the socket interfaces often treat those values
specially[1], so it's not really possible to manipulate such
connections. Likewise they should not have broadcast or multicast
addresses for either endpoint.

However, nothing prevents a guest from creating a SYN packet with such
values, and it's not entirely clear what the effect on passt would be.
To ensure sane behaviour, explicitly check for this case and drop such
packets, logging a debug warning (we don't want a higher level,
because that would allow a guest to spam the logs).

We never expect such an address on an accept()ed socket either, but
just in case, check for it as well.

[1] Depending on context as "unknown", "match any" or "kernel, pick
something for me"

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Diffstat (limited to 'tap.c')
0 files changed, 0 insertions, 0 deletions
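
The endpoint check the commit message describes, sketched as an added example. This is not passt's code: `ep_addr_ok` and `tcp_endpoints_valid` are hypothetical names, and taking addresses as text is an assumption made for readability.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

union any_addr {		/* storage for either address family */
	struct in_addr a4;
	struct in6_addr a6;
};

/* Hypothetical helper: false for wildcard, broadcast and multicast addresses.
 * Only the limited broadcast 255.255.255.255 is recognised; a subnet-directed
 * broadcast cannot be identified without knowing the netmask. */
static bool ep_addr_ok(int af, const union any_addr *a)
{
	if (af == AF_INET) {
		uint32_t h = ntohl(a->a4.s_addr);

		return h != INADDR_ANY && h != INADDR_BROADCAST &&
		       !IN_MULTICAST(h);
	}
	if (af == AF_INET6)
		return !IN6_IS_ADDR_UNSPECIFIED(&a->a6) &&
		       !IN6_IS_ADDR_MULTICAST(&a->a6);
	return false;		/* unknown family: reject */
}

/* Hypothetical entry point: true if a SYN with these endpoints should be
 * processed, false if it should be dropped (and logged at debug level only).
 * Addresses are text here for readability; ports are in host byte order. */
bool tcp_endpoints_valid(int af, const char *src, uint16_t sport,
			 const char *dst, uint16_t dport)
{
	union any_addr s, d;

	if (inet_pton(af, src, &s) != 1 || inet_pton(af, dst, &d) != 1)
		return false;
	if (!sport || !dport)
		return false;
	return ep_addr_ok(af, &s) && ep_addr_ok(af, &d);
}

int main(void)
{
	/* Constructed sample endpoints (documentation address ranges) */
	printf("%d\n", tcp_endpoints_valid(AF_INET, "192.0.2.1", 40000, "198.51.100.7", 80));
	printf("%d\n", tcp_endpoints_valid(AF_INET, "0.0.0.0", 40000, "198.51.100.7", 80));
	printf("%d\n", tcp_endpoints_valid(AF_INET6, "2001:db8::1", 40000, "ff02::1", 443));
	return 0;
}
```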