Added protocol to key required to properly remove masquerade/reverse_…

…masq map entries on tcp session termination events
netfoundry · Aug 26, 2024 · ffc822c · ffc822c
1 parent caa6cc5
commit ffc822c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/src/zfw_tc_ingress.c b/src/zfw_tc_ingress.c
@@ -1969,13 +1969,15 @@ int bpf_sk_splice(struct __sk_buff *skb){
                             rk.ifindex = event.ifindex;
                             rk.__in46_u_dest.ip = tcp_state_key.__in46_u_src.ip;
                             rk.__in46_u_src.ip = tcp_state_key.__in46_u_dst.ip;
+                            rk.protocol = IPPROTO_TCP;
                             struct masq_value *rv = get_reverse_masquerade(rk);
                             if(rv){
                                 struct masq_key mk = {0};
                                 mk.dport = tcph->source;
                                 mk.sport = rv->o_sport;
                                 mk.__in46_u_dest.ip = iph->saddr;
                                 mk.ifindex = event.ifindex;
+                                mk.protocol = IPPROTO_TCP;
                                 del_masq(mk);
                             }
                             del_reverse_masq(rk);
@@ -1999,13 +2001,15 @@ int bpf_sk_splice(struct __sk_buff *skb){
                                 rk.ifindex = event.ifindex;
                                 rk.__in46_u_dest.ip = tcp_state_key.__in46_u_src.ip;
                                 rk.__in46_u_src.ip = tcp_state_key.__in46_u_dst.ip;
+                                rk.protocol = IPPROTO_TCP;
                                 struct masq_value *rv = get_reverse_masquerade(rk);
                                 if(rv){
                                     struct masq_key mk = {0};
                                     mk.dport = tcph->source;
                                     mk.sport = rv->o_sport;
                                     mk.__in46_u_dest.ip = iph->saddr;
                                     mk.ifindex = event.ifindex;
+                                    mk.protocol = IPPROTO_TCP;
                                     del_masq(mk);
                                 }
                                 del_reverse_masq(rk);

diff --git a/src/zfw_tc_outbound_track.c b/src/zfw_tc_outbound_track.c
@@ -2431,12 +2431,14 @@ int bpf_sk_splice6(struct __sk_buff *skb){
                         rk.ifindex = event.ifindex;
                         rk.__in46_u_dest.ip = tcp_state_key.__in46_u_dst.ip;
                         rk.__in46_u_src.ip = tcp_state_key.__in46_u_src.ip;
+                        rk.protocol = IPPROTO_TCP;
                         del_reverse_masq(rk);
                         struct masq_key mk = {0};
                         mk.dport = tcph->dest;
                         mk.sport = tcph->source;
                         mk.__in46_u_dest.ip = iph->daddr;
                         mk.ifindex = event.ifindex;
+                        mk.protocol = IPPROTO_TCP;
                         del_masq(mk);
                     }
                     del_tcp(tcp_state_key);
@@ -2469,12 +2471,14 @@ int bpf_sk_splice6(struct __sk_buff *skb){
                             rk.ifindex = event.ifindex;
                             rk.__in46_u_dest.ip = tcp_state_key.__in46_u_dst.ip;
                             rk.__in46_u_src.ip = tcp_state_key.__in46_u_src.ip;
+                            rk.protocol = IPPROTO_TCP;
                             del_reverse_masq(rk);
                             struct masq_key mk = {0};
                             mk.dport = tcph->dest;
                             mk.sport = tcph->source;
                             mk.__in46_u_dest.ip = iph->daddr;
                             mk.ifindex = event.ifindex;
+                            mk.protocol = IPPROTO_TCP;
                             del_masq(mk);
                         }
                         del_tcp(tcp_state_key);