sync main with release-1.x

.github/workflows/cmake.yml

@@ -24,11 +24,11 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: macOS-11
+          - os: macOS-12
             name: macOS x86_64
             preset: macOS-x64
 
-          - os: macOS-11
+          - os: macOS-12
             name: macOS arm64
             preset: macOS-arm64
 

lib/ziti-tunnel-cbs/ziti_hosting.c

@@ -438,20 +438,20 @@ static int do_bind(hosted_io_context io, const char *addr, int socktype) {
 
     if (uv_err != 0) {
         ZITI_LOG(ERROR, "hosted_service[%s], client[%s]: getaddrinfo(%s) failed: %s",
-                 io->service->service_name, io->client_identity, io->app_data->source_addr, uv_strerror(uv_err));
+                 io->service->service_name, io->client_identity, addr, uv_strerror(uv_err));
         return -1;
     }
 
     if (ai_req.addrinfo->ai_next != NULL) {
         ZITI_LOG(DEBUG, "hosted_service[%s], client[%s]: getaddrinfo(%s) returned multiple results; using first",
-                 io->service->service_name, io->client_identity, io->app_data->source_addr);
+                 io->service->service_name, io->client_identity, addr);
     }
 
     ziti_address src_za;
     ziti_address_from_sockaddr(&src_za, ai_req.addrinfo->ai_addr); // convert for easy validation
     if (!address_match(&src_za, &io->service->allowed_source_addresses)) {
         ZITI_LOG(ERROR, "hosted_service[%s], client[%s] client requested source IP %s is not allowed",
-                 io->service->service_name, io->client_identity, io->app_data->source_addr);
+                 io->service->service_name, io->client_identity, addr);
         return -1;
     }
 

lib/ziti-tunnel/intercept.c

@@ -53,7 +53,7 @@ void ziti_address_from_in6_addr(ziti_address *za, const struct in6_addr *a) {
     za->type = ziti_address_cidr;
     za->addr.cidr.af = AF_INET6;
     za->addr.cidr.bits = 128;
-    memcpy(&za->addr.cidr.ip, &a, sizeof(struct in6_addr));
+    memcpy(&za->addr.cidr.ip, &a->s6_addr, sizeof(struct in6_addr));
 }
 
 void ziti_address_from_sockaddr_in(ziti_address *za, const struct sockaddr_in *sin) {

lib/ziti-tunnel/lwip/netif_shim.c

@@ -36,6 +36,13 @@ static err_t netif_shim_output(struct netif *netif, struct pbuf *p, const ip4_ad
     return ERR_OK;
 }
 
+/**
+ * This function is called by the TCP/IP stack when an IP6 packet should be sent.
+ */
+static err_t netif_shim_output_ip6(struct netif *netif, struct pbuf *p, const ip6_addr_t *ipaddr) {
+    return netif_shim_output(netif, p, NULL);
+}
+
 /**
  * This function should be called when a packet is ready to be read
  * from the interface. It uses the function low_level_input() that
@@ -93,6 +100,7 @@ err_t netif_shim_init(struct netif *netif) {
     netif->name[0] = IFNAME0;
     netif->name[1] = IFNAME1;
     netif->output = netif_shim_output;
+    netif->output_ip6 = netif_shim_output_ip6;
 
     return ERR_OK;
 }

lib/ziti-tunnel/tests/address_test.cpp

@@ -88,4 +88,20 @@ TEST_CASE("address_match", "[address]") {
     REQUIRE(model_map_get(&tctx.intercepts_cache, "tcp:192.168.0.10:81") == intercept_s3);
 
     // todo hostname and wildcard dns matching
+}
+
+TEST_CASE("address_conversion", "[address]") {
+    const char *ip6_str = "2768:8631:c02:ffc9::1308";
+    ip_addr_t ip6;
+    ipaddr_aton(ip6_str, &ip6);
+    ziti_address za_from_ip6;
+    ziti_address_from_ip_addr(&za_from_ip6, &ip6);
+
+    ziti_address za_from_str;
+    ziti_address_from_string(&za_from_str, ip6_str);
+
+    char za_str[128];
+    ziti_address_print(za_str, sizeof(za_str), &za_from_ip6);
+    fprintf(stderr, "%s converted to %s\n", ip6_str, za_str);
+    REQUIRE(ziti_address_match(&za_from_ip6, &za_from_str) == 0);
 }