kaffa/XDP-Firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check IP header validity instead of ethernet protocol.

Browse Source
This commit is contained in:
gamemann
2021-11-12 21:09:53 +00:00
parent c81987ceeb
commit 437a3eb45b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/xdpfw_kern.c
View File

@@ -135,7 +135,7 @@ int xdp_prog_main(struct xdp_md *ctx)
} }
// Check IP header protocols. // Check IP header protocols.
if ((eth->h_proto == htons(ETH_P_IPV6) && iph6->nexthdr != IPPROTO_UDP && iph6->nexthdr != IPPROTO_TCP && iph6->nexthdr != IPPROTO_ICMP) && (eth->h_proto == htons(ETH_P_IP) && iph->protocol != IPPROTO_UDP && iph->protocol != IPPROTO_TCP && iph->protocol != IPPROTO_ICMP)) if ((iph6 && iph6->nexthdr != IPPROTO_UDP && iph6->nexthdr != IPPROTO_TCP && iph6->nexthdr != IPPROTO_ICMP) && (iph && iph->protocol != IPPROTO_UDP && iph->protocol != IPPROTO_TCP && iph->protocol != IPPROTO_ICMP))
{ {
return XDP_PASS; return XDP_PASS;
} }
@@ -398,7 +398,7 @@ int xdp_prog_main(struct xdp_md *ctx)
continue; continue;
} }
} }
else else if (iph)
{ {
// Source address. // Source address.
if (filter->srcip && iph->saddr != filter->srcip) if (filter->srcip && iph->saddr != filter->srcip)