mirror of
https://passt.top/passt
synced 2025-01-23 04:35:19 +00:00
d5b80ccc72
Port numbers (for both TCP and UDP) are 16-bit, and so fit exactly into a 'short'. USHRT_MAX is therefore the maximum port number and this is widely used in the code. Unfortunately, a lot of those places don't actually want the maximum port number (USHRT_MAX == 65535), they want the total number of ports (65536). This leads to a number of potentially nasty consequences: * We have buffer overruns on the port_fwd::delta array if we try to use port 65535 * We have similar potential overruns for the tcp_sock_* arrays * Interestingly udp_act had the correct size, but we can calculate it in a more direct manner * We have a logical overrun of the ports bitmap as well, although it will just use an unused bit in the last byte so isnt harmful * Many loops don't consider port 65535 (which does mitigate some but not all of the buffer overruns above) * In udp_invert_portmap() we incorrectly compute the reverse port translation for return packets Correct all these by using a new NUM_PORTS defined explicitly for this purpose. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
35 lines
817 B
C
35 lines
817 B
C
/* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
* Copyright Red Hat
|
|
* Author: Stefano Brivio <sbrivio@redhat.com>
|
|
* Author: David Gibson <david@gibson.dropbear.id.au>
|
|
*/
|
|
|
|
#ifndef PORT_FWD_H
|
|
#define PORT_FWD_H
|
|
|
|
/* Number of ports for both TCP and UDP */
|
|
#define NUM_PORTS (1U << 16)
|
|
|
|
enum port_fwd_mode {
|
|
FWD_SPEC = 1,
|
|
FWD_NONE,
|
|
FWD_AUTO,
|
|
FWD_ALL,
|
|
};
|
|
|
|
#define PORT_BITMAP_SIZE DIV_ROUND_UP(NUM_PORTS, 8)
|
|
|
|
/**
|
|
* port_fwd - Describes port forwarding for one protocol and direction
|
|
* @mode: Overall forwarding mode (all, none, auto, specific ports)
|
|
* @map: Bitmap describing which ports are forwarded
|
|
* @delta: Offset between the original destination and mapped port number
|
|
*/
|
|
struct port_fwd {
|
|
enum port_fwd_mode mode;
|
|
uint8_t map[PORT_BITMAP_SIZE];
|
|
in_port_t delta[NUM_PORTS];
|
|
};
|
|
|
|
#endif /* PORT_FWD_H */
|