MINOR: netscaler: check in one-shot if buffer is large enough for IP and TCP header

There is minimal gain in checking first the IP header length and then
the TCP header length since we always want to capture information about
both protocols.

IPv4 length calculation was incorrect since IPv4 ip_len actually defines
the total length of IPv4 header and following data.

diff --git a/src/connection.c b/src/connection.c
index e716e8046788c7957f05c27dc8406664ed767635..8d2fb77bedeb05731b232af5b1a652a01c2e6b27 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -763,9 +763,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
                hdr_ip4 = (struct ip *)line;
 
-               if (trash.len < ntohs(hdr_ip4->ip_len)) {
+               if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
                        /* Fail if buffer length is not large enough to contain
-                        * IPv4 header */
+                        * IPv4 header, TCP header */
                        goto missing;
                }
                else if (hdr_ip4->ip_p != IPPROTO_TCP) {
@@ -773,11 +773,6 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
                        conn->err_code = CO_ER_CIP_BAD_PROTO;
                        goto fail;
                }
-               else if (trash.len < (20 + ntohs(hdr_ip4->ip_len))) {
-                       /* Fail if buffer length is not large enough to contain
-                        * IPv4 header, TCP header */
-                       goto missing;
-               }
 
                hdr_tcp = (struct my_tcphdr *)(line + (hdr_ip4->ip_hl * 4));
 
@@ -798,9 +793,9 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 
                hdr_ip6 = (struct ip6_hdr *)line;
 
-               if (trash.len < 40) {
+               if (trash.len < 60) {
                        /* Fail if buffer length is not large enough to contain
-                        * IPv6 header */
+                        * IPv6 header, TCP header */
                        goto missing;
                }
                else if (hdr_ip6->ip6_nxt != IPPROTO_TCP) {
@@ -808,11 +803,6 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
                        conn->err_code = CO_ER_CIP_BAD_PROTO;
                        goto fail;
                }
-               else if (trash.len < 60) {
-                       /* Fail if buffer length is not large enough to contain
-                        * IPv6 header, TCP header */
-                       goto missing;
-               }
 
                hdr_tcp = (struct my_tcphdr *)(line + sizeof(struct ip6_hdr));