From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
Subject: [PATCH 3/4] Use IPV4_IS_LOOPBACK more widely
Date: Thu, 3 Nov 2022 14:09:24 +1100
Message-Id: <20221103030925.2561571-4-david@gibson.dropbear.id.au>
In-Reply-To: <20221103030925.2561571-1-david@gibson.dropbear.id.au>
References: <20221103030925.2561571-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

This macro checks if an IPv4 address is in the loopback network (127.0.0.0/8). There are two places where we open code an identical check, use the macro instead.

There are also a number of places we specifically exclude the loopback address (127.0.0.1), but we should actually be excluding anything in the loopback network. Change those sites to use the macro as well.

Signed-off-by: David Gibson
--- conf.c | 8 ++++---- udp.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf.c b/conf.c index 6c2a9ad..c36403d 100644 --- a/conf.c +++ b/conf.c @@ -389,7 +389,7 @@ static void get_dns(struct ctx *c) dns4 - &c->ip4.dns[0] < ARRAY_SIZE(c->ip4.dns) - 1 && inet_pton(AF_INET, p + 1, dns4)) { /* We can only access local addresses via the gw redirect */ - if (ntohl(*dns4) >> IN_CLASSA_NSHIFT == IN_LOOPBACKNET) { + if (IPV4_IS_LOOPBACK(ntohl(*dns4))) { if (c->no_map_gw) { *dns4 = 0; continue; 
@@ -1190,7 +1190,7 @@ void conf(struct ctx *c, int argc, char **argv) inet_pton(AF_INET, optarg, &c->ip4.dns_fwd) && c->ip4.dns_fwd != htonl(INADDR_ANY) && c->ip4.dns_fwd != htonl(INADDR_BROADCAST) && - c->ip4.dns_fwd != htonl(INADDR_LOOPBACK)) + !IPV4_IS_LOOPBACK(ntohl(c->ip4.dns_fwd))) break; err("Invalid DNS forwarding address: %s", optarg); @@ -1389,7 +1389,7 @@ void conf(struct ctx *c, int argc, char **argv) inet_pton(AF_INET, optarg, &c->ip4.addr) && c->ip4.addr != htonl(INADDR_ANY) && c->ip4.addr != htonl(INADDR_BROADCAST) && - c->ip4.addr != htonl(INADDR_LOOPBACK) && + !IPV4_IS_LOOPBACK(ntohl(c->ip4.addr)) && !IN_MULTICAST(ntohl(c->ip4.addr))) break; @@ -1425,7 +1425,7 @@ void conf(struct ctx *c, int argc, char **argv) inet_pton(AF_INET, optarg, &c->ip4.gw) && c->ip4.gw != htonl(INADDR_ANY) && c->ip4.gw != htonl(INADDR_BROADCAST) && - c->ip4.gw != htonl(INADDR_LOOPBACK)) + !IPV4_IS_LOOPBACK(ntohl(c->ip4.gw))) break; err("Invalid gateway address: %s", optarg); diff --git a/udp.c b/udp.c index 4b201d3..7ce533d 100644 --- a/udp.c +++ b/udp.c @@ -680,7 +680,7 @@ static void udp_sock_fill_data_v4(const struct ctx *c, int n, src = ntohl(b->s_in.sin_addr.s_addr); src_port = ntohs(b->s_in.sin_port); - if (src >> IN_CLASSA_NSHIFT == IN_LOOPBACKNET || + if (IPV4_IS_LOOPBACK(src) || src == INADDR_ANY || src == ntohl(c->ip4.addr_seen)) { b->iph.saddr = c->ip4.gw; udp_tap_map[V4][src_port].ts = now->tv_sec; -- 2.38.1
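
Review bot: The byte-order contract of IPV4_IS_LOOPBACK is undocumented in what this patch shows, and the get_dns() hunk in conf.c (@@ -389) is where it matters most: *dns4 is filled by inet_pton() in network order and has to be wrapped as `IPV4_IS_LOOPBACK(ntohl(*dns4))`, while the udp.c hunk passes an already converted `src`. A caller that hands the macro a raw s_addr would still compile and would simply test the wrong byte. Please state "argument in host byte order" in a comment at the macro definition (not part of this patch), so the next conversion of an open-coded check does not get it backwards.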
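
Review bot: In the conf() hunk at @@ -1190, the DNS forwarding address check changes user-visible behaviour without any matching documentation update: every 127.x.y.z value is now refused, where previously only 127.0.0.1 was, and the user still gets the same generic `err("Invalid DNS forwarding address: %s", optarg);`. The diffstat shows only conf.c and udp.c touched, so the option's documentation is unchanged. Please mention in the option's documentation that the whole loopback network is rejected, and consider making the error text say why the address was refused. The same applies to the address and gateway options in the two hunks that follow.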
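
Review bot: The gateway check in the conf() hunk at @@ -1425 ends at `!IPV4_IS_LOOPBACK(ntohl(c->ip4.gw)))` with no multicast test, whereas the address check at @@ -1389 continues with `!IN_MULTICAST(ntohl(c->ip4.addr))`; the DNS forwarding check at @@ -1190 has the same gap. Since this patch is already tightening these three validations, it would be a good moment to make them consistent. The three conditions are near-identical chains of ANY, BROADCAST and loopback tests mixing htonl() comparisons with an ntohl() macro argument, so a single small helper that takes the address and applies all exclusions would remove the duplication and the chance of the three sites drifting apart again. If the multicast omission for gateway and DNS forwarding is intentional, a comment saying so would help.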