Fix issue with port range matching due to port in network byte order.

2025-03-25 11:35:33 -04:00
parent 2060f41081
commit 869eaf668b
2 changed files with 11 additions and 11 deletions
--- a/src/loader/utils/xdp.c
+++ b/src/loader/utils/xdp.c
@@ -304,7 +304,7 @@ int update_filter(int map_filters, filter_rule_cfg_t* filter_cfg, int idx)
        filter.ip.dst_ip = ip_range.ip;
        filter.ip.dst_cidr = ip_range.cidr;
    }
-    
+
 #ifdef ENABLE_IPV6
    if (filter_cfg->ip.src_ip6)
    {
@@ -372,8 +372,8 @@ int update_filter(int map_filters, filter_rule_cfg_t* filter_cfg, int idx)
        filter.tcp.do_sport_min = 1;
        filter.tcp.do_sport_max = 1;

-        filter.tcp.sport_min = htons(tcp_src_port_range.min);
-        filter.tcp.sport_max = htons(tcp_src_port_range.max);
+        filter.tcp.sport_min = tcp_src_port_range.min;
+        filter.tcp.sport_max = tcp_src_port_range.max;
    }

    port_range_t tcp_dst_port_range = parse_port_range(filter_cfg->tcp.dport);
@@ -383,8 +383,8 @@ int update_filter(int map_filters, filter_rule_cfg_t* filter_cfg, int idx)
        filter.tcp.do_dport_min = 1;
        filter.tcp.do_dport_max = 1;

-        filter.tcp.dport_min = htons(tcp_dst_port_range.min);
-        filter.tcp.dport_max = htons(tcp_dst_port_range.max);
+        filter.tcp.dport_min = tcp_dst_port_range.min;
+        filter.tcp.dport_max = tcp_dst_port_range.max;
    }

    if (filter_cfg->tcp.urg > -1)
--- a/src/xdp/prog.c
+++ b/src/xdp/prog.c
@@ -497,23 +497,23 @@ int xdp_prog_main(struct xdp_md *ctx)
            }

            // Source port checks.
-            if (filter->tcp.do_sport_min && tcph->source < filter->tcp.sport_min)
+            if (filter->tcp.do_sport_min && ntohs(tcph->source) < filter->tcp.sport_min)
            {
                continue;
            }

-            if (filter->tcp.do_sport_max && tcph->source > filter->tcp.sport_max)
+            if (filter->tcp.do_sport_max && ntohs(tcph->source) > filter->tcp.sport_max)
            {
                continue;
            }

            // Destination port checks.
-            if (filter->tcp.do_dport_min && tcph->dest < filter->tcp.dport_min)
+            if (filter->tcp.do_dport_min && ntohs(tcph->dest) < filter->tcp.dport_min)
            {
                continue;
            }

-            if (filter->tcp.do_dport_max && tcph->dest > filter->tcp.dport_max)
+            if (filter->tcp.do_dport_max && ntohs(tcph->dest) > filter->tcp.dport_max)
            {
                continue;
            }
@@ -575,12 +575,12 @@ int xdp_prog_main(struct xdp_md *ctx)
            }

            // Source port checks.
-            if (filter->udp.do_sport_min && udph->source < filter->udp.sport_min)
+            if (filter->udp.do_sport_min && ntohs(udph->source) < filter->udp.sport_min)
            {
                continue;
            }

-            if (filter->udp.do_sport_max && udph->source > filter->udp.sport_max)
+            if (filter->udp.do_sport_max && ntohs(udph->source) > filter->udp.sport_max)
            {
                continue;
            }