This repository has been archived by the owner on Aug 30, 2024. It is now read-only.

tlv: add write Cookie TLV support
This is linked to "Cookie TLV" section from RFC8803:

https://www.rfc-editor.org/rfc/rfc8803.html#name-the-cookie-tlv

  The Cookie TLV (Figure 21) is an optional TLV that is similar to the
  TCP Fast Open Cookie [RFC7413]. A Transport Converter may want to
  verify that a Client can receive the packets that it sends to prevent
  attacks from spoofed addresses. This verification can be done by using
  a Cookie that is bound to, for example, the IP address(es) of the
  Client. This Cookie can be configured on the Client by means that are
  outside of this document or provided by the Transport Converter.

  A Transport Converter that has been configured to use the optional
  Cookie TLV MUST verify the presence of this TLV in the payload of the
  received SYN. If this TLV is present, the Transport Converter MUST
  validate the Cookie by means similar to those in Section 4.1.2 of
  [RFC7413] (i.e., IsCookieValid). If the Cookie is valid, the
  connection establishment procedure can continue. Otherwise, the
  Transport Converter MUST return an Error TLV set to "Not Authorized"
  and close the connection.

  If the received SYN did not contain a Cookie TLV, and cookie
  validation is required, the Transport Converter MAY compute a Cookie
  bound to this Client address. In such case, the Transport Converter
  MUST return an Error TLV set to "Missing Cookie" and the computed
  Cookie and close the connection. The Client will react to this error
  by first issuing a reset to terminate the connection. It also stores
  the received Cookie in its cache and attempts to reestablish a new
  connection to the Transport Converter that includes the Cookie TLV.

  The format of the Cookie TLV is shown in Figure 21.

                        0                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +---------------+---------------+-------------------------------+
   |     Type=0x16 |     Length    |             Zero              |
   +---------------+---------------+-------------------------------+
   /                        Opaque  Cookie                         /
   /                              ...                              /
   +---------------------------------------------------------------+

  Figure 21: The Cookie TLV

In this commit, only the write part has been added. The parsing has been
done in the previous commit.

Signed-off-by: Matthieu Baerts <[email protected]>
matttbe committed Apr 30, 2021
1 parent 6a34c7b commit 7d46c3c
Showing 2 changed files with 21 additions and 3 deletions.
19 changes: 18 additions & 1 deletion convert_util.c
Expand Up @@ -238,6 +238,23 @@ _convert_write_tlv_extended_tcp_hdr(uint8_t *buff, size_t buff_len,
return length;
}

static ssize_t
_convert_write_tlv_cookie(uint8_t *buff, size_t buff_len,
const struct convert_opts *opts)
{
struct convert_cookie * cookie = (struct convert_cookie *)buff;
size_t length = CONVERT_ALIGN(sizeof(*cookie) +
opts->cookie_len);

if (buff_len < length)
return -1;

memset(cookie, '\0', length);
memcpy(cookie->opaque, opts->cookie_data, opts->cookie_len);

return length;
}

static struct {
uint32_t flag;
uint8_t type;
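
Review bot: In `_convert_write_tlv_cookie`, `opts->cookie_data` and `opts->cookie_len` are used without validation. The only check is `buff_len < length`, so a NULL `cookie_data` with a non-zero `cookie_len` reaches `memcpy`, and nothing here rejects a cookie larger than the one-byte Length field of Figure 21 can describe. Suggest returning -1 for both cases before the `memset`, or stating in a comment that the caller guarantees them. The function also zeroes the whole TLV and never writes Type or Length, so a one-line comment saying who fills in the header would help; and `length` is a `size_t` returned through `ssize_t`, which is worth an explicit cast once the upper bound is enforced.
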
Expand Down Expand Up @@ -267,7 +284,7 @@ static struct {
[_CONVERT_F_COOKIE] = {
.flag = CONVERT_F_COOKIE,
.type = CONVERT_COOKIE,
.cb = _convert_write_tlv_not_supp,
.cb = _convert_write_tlv_cookie,
},
[_CONVERT_F_ERROR] = {
.flag = CONVERT_F_ERROR,
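
Review bot: The `[_CONVERT_F_COOKIE]` entry now sends `.cb` to a writer that reads `opts->cookie_data` and `opts->cookie_len`, so a caller that sets `CONVERT_F_COOKIE` without filling those fields is no longer routed to `_convert_write_tlv_not_supp`. Suggest documenting, next to the flag or `struct convert_opts`, that both fields are required whenever the flag is set.
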
5 changes: 3 additions & 2 deletions tests/check_convert_util.c
Expand Up @@ -316,10 +316,11 @@ END_TEST

START_TEST (test_convert_write_tlvs) {
unsigned int i;
uint8_t * (*tlv_builders[3])(size_t *len) = {
uint8_t * (*tlv_builders[4])(size_t *len) = {
(uint8_t * (*)(size_t *))sample_convert_connect_tlv,
(uint8_t * (*)(size_t *))sample_convert_error_tlv,
(uint8_t * (*)(size_t *))sample_convert_tcp_ext_hdr_tlv
(uint8_t * (*)(size_t *))sample_convert_tcp_ext_hdr_tlv,
(uint8_t * (*)(size_t *))sample_convert_cookie_tlv,
};

/* For each TLV type, we expect convert_write(convert_read(TLV)) == TLV,
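
Review bot: `tlv_builders[4]` hard-codes the element count, and the loop bound that walks the array is outside this hunk; if that bound is still a literal 3, `sample_convert_cookie_tlv` is never exercised. Suggest declaring the array as `tlv_builders[]` and deriving the bound from `sizeof(tlv_builders) / sizeof(tlv_builders[0])`. The round trip also only covers the success path; a case with a buffer smaller than the aligned cookie length would cover the `return -1` branch added in convert_util.c.
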