face, mgmt: improve face creation failure and bad URI handling
Prevent creation of faces to endpoints owned by NFD instance
Prevent creation of UDP broadcast faces (255.255.255.255 and
those belonging to machine's interfaces) in response to
face creation command
Sanity check configuration file port numbers in face manager
refs: #1414, #1427
Change-Id: Ia3f0a9337f3d97c34388773eab05bc39ad6dd804
diff --git a/daemon/face/tcp-factory.cpp b/daemon/face/tcp-factory.cpp
index d301350..cd3119e 100644
--- a/daemon/face/tcp-factory.cpp
+++ b/daemon/face/tcp-factory.cpp
@@ -7,6 +7,7 @@
#include "tcp-factory.hpp"
#include "core/resolver.hpp"
#include "core/logger.hpp"
+#include "core/network-interface.hpp"
NFD_LOG_INIT("TcpFactory");
@@ -15,6 +16,78 @@
TcpFactory::TcpFactory(const std::string& defaultPort/* = "6363"*/)
: m_defaultPort(defaultPort)
{
+
+}
+
+void
+TcpFactory::prohibitEndpoint(const tcp::Endpoint& endpoint)
+{
+ using namespace boost::asio::ip;
+
+ static const address_v4 ALL_V4_ENDPOINT(address_v4::from_string("0.0.0.0"));
+ static const address_v6 ALL_V6_ENDPOINT(address_v6::from_string("::"));
+
+ const address& address = endpoint.address();
+
+ if (address.is_v4() && address == ALL_V4_ENDPOINT)
+ {
+ prohibitAllIpv4Endpoints(endpoint.port());
+ }
+ else if (endpoint.address().is_v6() && address == ALL_V6_ENDPOINT)
+ {
+ prohibitAllIpv6Endpoints(endpoint.port());
+ }
+
+ NFD_LOG_TRACE("prohibiting TCP " <<
+ endpoint.address().to_string() << ":" << endpoint.port());
+
+ m_prohibitedEndpoints.insert(endpoint);
+}
+
+void
+TcpFactory::prohibitAllIpv4Endpoints(const uint16_t port)
+{
+ using namespace boost::asio::ip;
+
+ const std::list<shared_ptr<NetworkInterfaceInfo> > nicList(listNetworkInterfaces());
+
+ for (std::list<shared_ptr<NetworkInterfaceInfo> >::const_iterator i = nicList.begin();
+ i != nicList.end();
+ ++i)
+ {
+ const shared_ptr<NetworkInterfaceInfo>& nic = *i;
+ const std::vector<address_v4>& ipv4Addresses = nic->ipv4Addresses;
+
+ for (std::vector<address_v4>::const_iterator j = ipv4Addresses.begin();
+ j != ipv4Addresses.end();
+ ++j)
+ {
+ prohibitEndpoint(tcp::Endpoint(*j, port));
+ }
+ }
+}
+
+void
+TcpFactory::prohibitAllIpv6Endpoints(const uint16_t port)
+{
+ using namespace boost::asio::ip;
+
+ const std::list<shared_ptr<NetworkInterfaceInfo> > nicList(listNetworkInterfaces());
+
+ for (std::list<shared_ptr<NetworkInterfaceInfo> >::const_iterator i = nicList.begin();
+ i != nicList.end();
+ ++i)
+ {
+ const shared_ptr<NetworkInterfaceInfo>& nic = *i;
+ const std::vector<address_v6>& ipv6Addresses = nic->ipv6Addresses;
+
+ for (std::vector<address_v6>::const_iterator j = ipv6Addresses.begin();
+ j != ipv6Addresses.end();
+ ++j)
+ {
+ prohibitEndpoint(tcp::Endpoint(*j, port));
+ }
+ }
}
shared_ptr<TcpChannel>
@@ -26,6 +99,8 @@
channel = make_shared<TcpChannel>(boost::cref(endpoint));
m_channels[endpoint] = channel;
+ prohibitEndpoint(endpoint);
+
NFD_LOG_DEBUG("Channel [" << endpoint << "] created");
return channel;
}
@@ -57,6 +132,11 @@
else if (uri.getScheme() == "tcp6")
addressSelector = resolver::Ipv6Address();
+ if (!uri.getPath().empty())
+ {
+ onConnectFailed("Invalid URI");
+ }
+
TcpResolver::asyncResolve(uri.getHost(),
uri.getPort().empty() ? m_defaultPort : uri.getPort(),
bind(&TcpFactory::continueCreateFaceAfterResolve, this, _1,
@@ -70,6 +150,13 @@
const FaceCreatedCallback& onCreated,
const FaceConnectFailedCallback& onConnectFailed)
{
+ if (m_prohibitedEndpoints.find(endpoint) != m_prohibitedEndpoints.end())
+ {
+ onConnectFailed("Requested endpoint is prohibited "
+ "(reserved by this NFD or disallowed by face management protocol)");
+ return;
+ }
+
// very simple logic for now
for (ChannelMap::iterator channel = m_channels.begin();