From 35e298d0b707ecda86e7a93e0d6e078aa55d4bf5 Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Thu, 13 Jun 2024 20:57:03 +0000
Subject: [PATCH 1/4] use addr arg instead of io->app_data->source_addr in do_bind (#867)
---
 lib/ziti-tunnel-cbs/ziti_hosting.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/ziti-tunnel-cbs/ziti_hosting.c b/lib/ziti-tunnel-cbs/ziti_hosting.c
index 9747399a..18f841c2 100644
--- a/lib/ziti-tunnel-cbs/ziti_hosting.c
+++ b/lib/ziti-tunnel-cbs/ziti_hosting.c
@@ -438,20 +438,20 @@ static int do_bind(hosted_io_context io, const char *addr, int socktype) {
 if (uv_err != 0) {
 ZITI_LOG(ERROR, "hosted_service[%s], client[%s]: getaddrinfo(%s) failed: %s",
- io->service->service_name, io->client_identity, io->app_data->source_addr, uv_strerror(uv_err));
+ io->service->service_name, io->client_identity, addr, uv_strerror(uv_err));
 return -1;
 }
 if (ai_req.addrinfo->ai_next != NULL) {
 ZITI_LOG(DEBUG, "hosted_service[%s], client[%s]: getaddrinfo(%s) returned multiple results; using first",
- io->service->service_name, io->client_identity, io->app_data->source_addr);
+ io->service->service_name, io->client_identity, addr);
 }
 ziti_address src_za;
 ziti_address_from_sockaddr(&src_za, ai_req.addrinfo->ai_addr); // convert for easy validation
 if (!address_match(&src_za, &io->service->allowed_source_addresses)) {
 ZITI_LOG(ERROR, "hosted_service[%s], client[%s] client requested source IP %s is not allowed",
- io->service->service_name, io->client_identity, io->app_data->source_addr);
+ io->service->service_name, io->client_identity, addr);
 return -1;
 }
From 2cab71f7af62c9b76ee70c5b212447c7a2d40221 Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Fri, 14 Jun 2024 22:54:41 +0000
Subject: [PATCH 2/4] reach into address bytes when converting struct in6_addr to ziti_address. (#869)
---
 lib/ziti-tunnel/intercept.c | 2 +-
 lib/ziti-tunnel/tests/address_test.cpp | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
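Review bot: The `return -1;` taken when `address_match()` rejects the requested source address, in the last block of this hunk, leaves `ai_req.addrinfo` unreleased as far as the visible lines show, even though the lookup has succeeded and its result has already been dereferenced by then. Since `addr` is a value requested by the connecting client, every rejected bind would presumably leak one addrinfo list, so repeated requests for disallowed source addresses could steadily grow the process's memory. Consider adding `uv_freeaddrinfo(ai_req.addrinfo);` before that `return -1;`, unless the release already happens in a part of do_bind outside this hunk (the function starts and ends beyond it).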
diff --git a/lib/ziti-tunnel/intercept.c b/lib/ziti-tunnel/intercept.c
index c681253e..e409bfe7 100644
--- a/lib/ziti-tunnel/intercept.c
+++ b/lib/ziti-tunnel/intercept.c
@@ -53,7 +53,7 @@ void ziti_address_from_in6_addr(ziti_address *za, const struct in6_addr *a) {
 za->type = ziti_address_cidr;
 za->addr.cidr.af = AF_INET6;
 za->addr.cidr.bits = 128;
- memcpy(&za->addr.cidr.ip, &a, sizeof(struct in6_addr));
+ memcpy(&za->addr.cidr.ip, &a->s6_addr, sizeof(struct in6_addr));
 }
 void ziti_address_from_sockaddr_in(ziti_address *za, const struct sockaddr_in *sin) {
diff --git a/lib/ziti-tunnel/tests/address_test.cpp b/lib/ziti-tunnel/tests/address_test.cpp
index 1e972e0b..965fc48c 100644
--- a/lib/ziti-tunnel/tests/address_test.cpp
+++ b/lib/ziti-tunnel/tests/address_test.cpp
@@ -88,4 +88,20 @@ TEST_CASE("address_match", "[address]") {
 REQUIRE(model_map_get(&tctx.intercepts_cache, "tcp:192.168.0.10:81") == intercept_s3);
 // todo hostname and wildcard dns matching
+}
+
+TEST_CASE("address_conversion", "[address]") {
+ const char *ip6_str = "2768:8631:c02:ffc9::1308";
+ ip_addr_t ip6;
+ ipaddr_aton(ip6_str, &ip6);
+ ziti_address za_from_ip6;
+ ziti_address_from_ip_addr(&za_from_ip6, &ip6);
+
+ ziti_address za_from_str;
+ ziti_address_from_string(&za_from_str, ip6_str);
+
+ char za_str[128];
+ ziti_address_print(za_str, sizeof(za_str), &za_from_ip6);
+ fprintf(stderr, "%s converted to %s\n", ip6_str, za_str);
+ REQUIRE(ziti_address_match(&za_from_ip6, &za_from_str) == 0);
 }
\ No newline at end of file
From 21d0f3d8725fbc0886c7cd4a681c20e52f8bd03f Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Wed, 19 Jun 2024 13:10:55 +0000
Subject: [PATCH 3/4] set output function for ipv6 packets (#870)
---
 lib/ziti-tunnel/lwip/netif_shim.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/ziti-tunnel/lwip/netif_shim.c b/lib/ziti-tunnel/lwip/netif_shim.c
index 96124af7..28a89415 100644
--- a/lib/ziti-tunnel/lwip/netif_shim.c
+++ b/lib/ziti-tunnel/lwip/netif_shim.c
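Review bot: The corrected `memcpy` in ziti_address_from_in6_addr still sizes the copy from the source type and passes both operands through `void *`, which is what allowed the earlier `&a` to compile unnoticed; neither the type nor the size of `za->addr.cidr.ip` is visible in this hunk. If that field is a `struct in6_addr`, a plain assignment `za->addr.cidr.ip = *a;` would be type-checked by the compiler. Otherwise, a `_Static_assert(sizeof(za->addr.cidr.ip) >= sizeof(struct in6_addr), "cidr.ip too small");` next to the copy would pin the destination bound. The converted address presumably feeds address matching elsewhere, so a one-line comment saying that the 16 address bytes are what gets copied would be worth adding.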
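Review bot: The new address_conversion test ignores the results of `ipaddr_aton()` and `ziti_address_from_string()`, so a parse failure would leave `ip6` or `za_from_str` uninitialised and the final REQUIRE would compare indeterminate data. Assert on the parse first, e.g. `REQUIRE(ipaddr_aton(ip6_str, &ip6) == 1);`, and do the same for `ziti_address_from_string` if it reports failure (its return type is not visible here). The test reaches the patched conversion only indirectly through `ziti_address_from_ip_addr`, so a comment stating that dependency would help the next reader. The `fprintf` to stderr could become Catch's `INFO(...)` so the text is printed only when the assertion fails.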
@@ -36,6 +36,13 @@ static err_t netif_shim_output(struct netif *netif, struct pbuf *p, const ip4_ad
 return ERR_OK;
 }
+/**
+ * This function is called by the TCP/IP stack when an IP6 packet should be sent.
+ */
+static err_t netif_shim_output_ip6(struct netif *netif, struct pbuf *p, const ip6_addr_t *ipaddr) {
+ return netif_shim_output(netif, p, NULL);
+}
+
 /**
 * This function should be called when a packet is ready to be read
 * from the interface. It uses the function low_level_input() that
@@ -93,6 +100,7 @@ err_t netif_shim_init(struct netif *netif) {
 netif->name[0] = IFNAME0;
 netif->name[1] = IFNAME1;
 netif->output = netif_shim_output;
+ netif->output_ip6 = netif_shim_output_ip6;
 return ERR_OK;
 }
\ No newline at end of file
From 1da9da61b0a87de24b286291d9e4df08afdfdfe1 Mon Sep 17 00:00:00 2001
From: Shawn Carey
Date: Tue, 25 Jun 2024 10:49:33 +0000
Subject: [PATCH 4/4] update macos version (#874)
---
 .github/workflows/cmake.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
index cd9106ab..91ce8aaa 100644
--- a/.github/workflows/cmake.yml
+++ b/.github/workflows/cmake.yml
@@ -24,11 +24,11 @@ jobs:
 fail-fast: false
 matrix:
 include:
- - os: macOS-11
+ - os: macOS-12
 name: macOS x86_64
 preset: macOS-x64
- - os: macOS-11
+ - os: macOS-12
 name: macOS arm64
 preset: macOS-arm64
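Review bot: netif_shim_output_ip6 forwards to `netif_shim_output(netif, p, NULL)`, so it is safe only while netif_shim_output never reads its address argument; that body is outside this hunk apart from its closing `return ERR_OK;`. State that contract in the new doc comment, e.g. `ipaddr is ignored; netif_shim_output must not dereference its address argument`, and mark the unused parameter with `LWIP_UNUSED_ARG(ipaddr);`. The assignment `netif->output_ip6 = netif_shim_output_ip6;` in the second hunk (netif_shim_init) presumably requires IPv6 to be enabled in the lwIP options, since lwIP declares that member only under `LWIP_IPV6`. Wrapping the new function and the assignment in `#if LWIP_IPV6` would keep an IPv4-only configuration compiling.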