mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2024-11-22 16:30:27 +00:00
util: fix possible OOB in IPv4 flowkey calc, use switch there
ihl may grow upto 15*4=60 so extract and check it before using it as offset in flowkey calculation. also replace IFs with switches for protocol matching as it's less redundant and nicer to document.
This commit is contained in:
parent
a9cfa5bc0d
commit
ff5de89762
@ -103,11 +103,11 @@ func GetFlowKey(bs []byte) uint64 {
|
|||||||
// Get the IP protocol version from the packet
|
// Get the IP protocol version from the packet
|
||||||
switch bs[0] & 0xf0 {
|
switch bs[0] & 0xf0 {
|
||||||
case 0x40: // IPv4 packet
|
case 0x40: // IPv4 packet
|
||||||
// Check the packet meets minimum UDP packet length
|
ihl := (bs[0] & 0x0f) * 4 // whole IPv4 header length (min 20)
|
||||||
if len(bs) >= 24 {
|
// 8 is minimum UDP packet length
|
||||||
// Is the protocol TCP, UDP or SCTP?
|
if ihl >= 20 && len(bs)-int(ihl) >= 8 {
|
||||||
if bs[9] == 0x06 || bs[9] == 0x11 || bs[9] == 0x84 {
|
switch bs[9] /* protocol */ {
|
||||||
ihl := bs[0] & 0x0f * 4 // Header length
|
case 0x06 /* TCP */, 0x11 /* UDP */, 0x84 /* SCTP */ :
|
||||||
flowkey = uint64(bs[9])<<32 /* proto */ |
|
flowkey = uint64(bs[9])<<32 /* proto */ |
|
||||||
uint64(bs[ihl+0])<<24 | uint64(bs[ihl+1])<<16 /* sport */ |
|
uint64(bs[ihl+0])<<24 | uint64(bs[ihl+1])<<16 /* sport */ |
|
||||||
uint64(bs[ihl+2])<<8 | uint64(bs[ihl+3]) /* dport */
|
uint64(bs[ihl+2])<<8 | uint64(bs[ihl+3]) /* dport */
|
||||||
@ -119,8 +119,8 @@ func GetFlowKey(bs []byte) uint64 {
|
|||||||
// If the flowlabel isn't present, make protokey from proto | sport | dport
|
// If the flowlabel isn't present, make protokey from proto | sport | dport
|
||||||
// if the packet meets minimum UDP packet length
|
// if the packet meets minimum UDP packet length
|
||||||
if flowkey == 0 && len(bs) >= 48 {
|
if flowkey == 0 && len(bs) >= 48 {
|
||||||
// Is the protocol TCP, UDP or SCTP?
|
switch bs[9] /* protocol */ {
|
||||||
if bs[6] == 0x06 || bs[6] == 0x11 || bs[6] == 0x84 {
|
case 0x06 /* TCP */, 0x11 /* UDP */, 0x84 /* SCTP */ :
|
||||||
flowkey = uint64(bs[6])<<32 /* proto */ |
|
flowkey = uint64(bs[6])<<32 /* proto */ |
|
||||||
uint64(bs[40])<<24 | uint64(bs[41])<<16 /* sport */ |
|
uint64(bs[40])<<24 | uint64(bs[41])<<16 /* sport */ |
|
||||||
uint64(bs[42])<<8 | uint64(bs[43]) /* dport */
|
uint64(bs[42])<<8 | uint64(bs[43]) /* dport */
|
||||||
|
Loading…
Reference in New Issue
Block a user