MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header
There is minimal gain in checking first the IP header length and then
the TCP header length since we always want to capture information about
both protocols.
IPv4 length calculation was incorrect since IPv4 ip_len actually defines
the total length of IPv4 header and following data.
diff --git a/src/connection.c b/src/connection.c
index e716e80..8d2fb77 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,9 +763,9 @@
hdr_ip4 = (struct ip *)line;
- if (trash.len < ntohs(hdr_ip4->ip_len)) {
+ if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
/* Fail if buffer length is not large enough to contain
- * IPv4 header */
+ * IPv4 header, TCP header */
goto missing;
}
else if (hdr_ip4->ip_p != IPPROTO_TCP) {
@@ -773,11 +773,6 @@
conn->err_code = CO_ER_CIP_BAD_PROTO;
goto fail;
}
- else if (trash.len < (20 + ntohs(hdr_ip4->ip_len))) {
- /* Fail if buffer length is not large enough to contain
- * IPv4 header, TCP header */
- goto missing;
- }
hdr_tcp = (struct my_tcphdr *)(line + (hdr_ip4->ip_hl * 4));
@@ -798,9 +793,9 @@
hdr_ip6 = (struct ip6_hdr *)line;
- if (trash.len < 40) {
+ if (trash.len < 60) {
/* Fail if buffer length is not large enough to contain
- * IPv6 header */
+ * IPv6 header, TCP header */
goto missing;
}
else if (hdr_ip6->ip6_nxt != IPPROTO_TCP) {
@@ -808,11 +803,6 @@
conn->err_code = CO_ER_CIP_BAD_PROTO;
goto fail;
}
- else if (trash.len < 60) {
- /* Fail if buffer length is not large enough to contain
- * IPv6 header, TCP header */
- goto missing;
- }
hdr_tcp = (struct my_tcphdr *)(line + sizeof(struct ip6_hdr));