aboutgitcodebugslistschat
path: root/tap.c
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2024-02-28 22:25:17 +1100
committerStefano Brivio <sbrivio@redhat.com>2024-02-29 09:48:17 +0100
commit3b59b9748aa13a244c173585dfbaf79dfff9ea8f (patch)
treea5ea84fc3738b0fcf6289c0292da03c00ebcefec /tap.c
parentdc9a5d71e9d0abbcfb115ca20461a94a981a9344 (diff)
downloadpasst-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.tar
passt-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.tar.gz
passt-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.tar.bz2
passt-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.tar.lz
passt-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.tar.xz
passt-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.tar.zst
passt-3b59b9748aa13a244c173585dfbaf79dfff9ea8f.zip
tcp: Validate TCP endpoint addresses
TCP connections should typically not have wildcard addresses (0.0.0.0 or ::) nor a zero port number for either endpoint. It's not entirely clear (at least to me) if it's strictly against the RFCs to do so, but at any rate the socket interfaces often treat those values specially[1], so it's not really possible to manipulate such connections. Likewise they should not have broadcast or multicast addresses for either endpoint. However, nothing prevents a guest from creating a SYN packet with such values, and it's not entirely clear what the effect on passt would be. To ensure sane behaviour, explicitly check for this case and drop such packets, logging a debug warning (we don't want a higher level, because that would allow a guest to spam the logs). We never expect such an address on an accept()ed socket either, but just in case, check for it as well. [1] Depending on context as "unknown", "match any" or "kernel, pick something for me" Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tap.c')
0 files changed, 0 insertions, 0 deletions