public inbox for passt-dev@passt.top
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>, passt-dev@passt.top
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v2 1/5] conf: Don't configure port forwarding for a disabled protocol
Date: Wed, 17 Jul 2024 10:36:00 +1000
Message-ID: <20240717003604.1577052-2-david@gibson.dropbear.id.au>
In-Reply-To: <20240717003604.1577052-1-david@gibson.dropbear.id.au>

UDP and/or TCP can be disabled with the --no-udp and --no-tcp options.
However, when this is specified, it's still possible to configure forwarded
ports for the disabled protocol.  In some cases this will open sockets and
perform other actions, which might not be safe since the entire protocol
won't be initialised.

Check for this case, and explicitly forbid it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 conf.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/conf.c b/conf.c
index 3c38cebc..629eb897 100644
--- a/conf.c
+++ b/conf.c
@@ -132,6 +132,11 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
 		return;
 	}
 
+	if ((optname == 't' || optname == 'T') && c->no_tcp)
+		die("TCP port forwarding requested but TCP is disabled");
+	if ((optname == 'u' || optname == 'U') && c->no_udp)
+		die("UDP port forwarding requested but UDP is disabled");
+
 	if (!strcmp(optarg, "auto")) {
 		if (fwd->mode)
 			goto mode_conflict;
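Review bot: The two new checks in conf_ports() read c->no_tcp and c->no_udp, so they only fire if --no-tcp / --no-udp have already been processed when a -t, -T, -u or -U option reaches this function, and nothing in the hunk shows that ordering is guaranteed. If the caller does guarantee it, a one-line comment above the checks saying so would keep a later change to option parsing from silently reopening the case the commit message describes. The checks also sit after the earlier branch that ends in `return;`, so whatever option value that branch handles is still accepted for a disabled protocol; worth confirming that is intended. As a smaller point, the die() messages could include optname so the user sees which of the forwarding options triggered the error.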
-- 
2.45.2