bool Filter::Accept(Message &aMessage) const { bool rval = false; Header ip6; UdpHeader udp; TcpHeader tcp; uint16_t dstport; // Allow all received IPv6 datagrams with link security enabled if (aMessage.IsLinkSecurityEnabled()) { ExitNow(rval = true); } // Read IPv6 header VerifyOrExit(sizeof(ip6) == aMessage.Read(0, sizeof(ip6), &ip6)); // Allow only link-local unicast or multicast VerifyOrExit(ip6.GetDestination().IsLinkLocal() || ip6.GetDestination().IsLinkLocalMulticast()); switch (ip6.GetNextHeader()) { case kProtoUdp: // Read the UDP header and get the dst port VerifyOrExit(sizeof(udp) == aMessage.Read(sizeof(ip6), sizeof(udp), &udp)); dstport = udp.GetDestinationPort(); // Allow MLE traffic if (dstport == Mle::kUdpPort) { ExitNow(rval = true); } break; case kProtoTcp: // Read the TCP header and get the dst port VerifyOrExit(sizeof(tcp) == aMessage.Read(sizeof(ip6), sizeof(tcp), &tcp)); dstport = tcp.GetDestinationPort(); break; default: // Allow UDP or TCP traffic only ExitNow(); } // Check against allowed unsecure port list for (int i = 0; i < kMaxUnsecurePorts; i++) { if (mUnsecurePorts[i] != 0 && mUnsecurePorts[i] == dstport) { ExitNow(rval = true); } } exit: return rval; }
otError Udp::HandleMessage(Message &aMessage, MessageInfo &aMessageInfo) { otError error = OT_ERROR_NONE; UdpHeader udpHeader; uint16_t payloadLength; uint16_t checksum; payloadLength = aMessage.GetLength() - aMessage.GetOffset(); // check length VerifyOrExit(payloadLength >= sizeof(UdpHeader), error = OT_ERROR_PARSE); // verify checksum checksum = Ip6::ComputePseudoheaderChecksum(aMessageInfo.GetPeerAddr(), aMessageInfo.GetSockAddr(), payloadLength, kProtoUdp); checksum = aMessage.UpdateChecksum(checksum, aMessage.GetOffset(), payloadLength); #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION VerifyOrExit(checksum == 0xffff, error = OT_ERROR_DROP); #endif VerifyOrExit(aMessage.Read(aMessage.GetOffset(), sizeof(udpHeader), &udpHeader) == sizeof(udpHeader), error = OT_ERROR_PARSE); aMessage.MoveOffset(sizeof(udpHeader)); aMessageInfo.mPeerPort = udpHeader.GetSourcePort(); aMessageInfo.mSockPort = udpHeader.GetDestinationPort(); // find socket for (UdpSocket *socket = mSockets; socket; socket = socket->GetNext()) { if (socket->GetSockName().mPort != udpHeader.GetDestinationPort()) { continue; } if (socket->GetSockName().mScopeId != 0 && socket->GetSockName().mScopeId != aMessageInfo.mInterfaceId) { continue; } if (!aMessageInfo.GetSockAddr().IsMulticast() && !socket->GetSockName().GetAddress().IsUnspecified() && socket->GetSockName().GetAddress() != aMessageInfo.GetSockAddr()) { continue; } // verify source if connected socket if (socket->GetPeerName().mPort != 0) { if (socket->GetPeerName().mPort != udpHeader.GetSourcePort()) { continue; } if (!socket->GetPeerName().GetAddress().IsUnspecified() && socket->GetPeerName().GetAddress() != aMessageInfo.GetPeerAddr()) { continue; } } socket->HandleUdpReceive(aMessage, aMessageInfo); } exit: return error; }