
Commit 43e64ef

committed
correct route dispatch defaults and validation
1 parent 86961f6 commit 43e64ef

1 file changed

Lines changed: 24 additions & 10 deletions


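--- a/src/routes.c
+++ b/src/routes.c
@@ -1991,6 +1991,9 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_route_table_default_policy_set(
 {
 if (WOLFSENTRY_MASKOUT_BITS(default_policy, WOLFSENTRY_ROUTE_DEFAULT_POLICY_MASK) != WOLFSENTRY_ACTION_RES_NONE)
 WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
+if ((default_policy != WOLFSENTRY_ACTION_RES_NONE) &&
+(! WOLFSENTRY_MASKIN_BITS(default_policy, WOLFSENTRY_ACTION_RES_ACCEPT | WOLFSENTRY_ACTION_RES_REJECT)))
+WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
 WOLFSENTRY_MUTEX_OR_RETURN();
 table->default_policy = default_policy;
 if (table == wolfsentry->routes)
@@ -2502,16 +2505,27 @@ static wolfsentry_errcode_t wolfsentry_route_event_dispatch_0(
 
 if (! (current_rule_route_flags & WOLFSENTRY_ROUTE_FLAG_DONT_COUNT_CURRENT_CONNECTIONS)) {
 if (*action_results & WOLFSENTRY_ACTION_RES_CONNECT) {
-if (rule_route->meta.connection_count >= config->config.max_connection_count) {
-*action_results |= WOLFSENTRY_ACTION_RES_REJECT;
-ret = WOLFSENTRY_ERROR_ENCODE(OK);
-goto done;
-}
-if (WOLFSENTRY_ATOMIC_INCREMENT_BY_ONE(rule_route->meta.connection_count) > config->config.max_connection_count) {
-WOLFSENTRY_ATOMIC_DECREMENT_BY_ONE(rule_route->meta.connection_count);
-*action_results |= WOLFSENTRY_ACTION_RES_REJECT;
-ret = WOLFSENTRY_ERROR_ENCODE(OK);
-goto done;
+if (config->config.max_connection_count > 0) {
+if (rule_route->meta.connection_count >= config->config.max_connection_count) {
+*action_results |= WOLFSENTRY_ACTION_RES_REJECT;
+ret = WOLFSENTRY_ERROR_ENCODE(OK);
+goto done;
+}
+if (WOLFSENTRY_ATOMIC_INCREMENT_BY_ONE(rule_route->meta.connection_count) > config->config.max_connection_count) {
+WOLFSENTRY_ATOMIC_DECREMENT_BY_ONE(rule_route->meta.connection_count);
+*action_results |= WOLFSENTRY_ACTION_RES_REJECT;
+ret = WOLFSENTRY_ERROR_ENCODE(OK);
+goto done;
+}
+} else {
+/* unlimited: saturate at UINT16_MAX to avoid wrap-around.
+* Once saturated, the count no longer tracks live
+* connections exactly, but DISCONNECT's safe-decrement
+* stays well-defined.
+*/
+uint16_t dummy;
+WOLFSENTRY_ATOMIC_INCREMENT_UNSIGNED_SAFELY_BY_ONE(rule_route->meta.connection_count, dummy);
+(void)dummy;
 }
 } else if (*action_results & WOLFSENTRY_ACTION_RES_DISCONNECT) {
 uint16_t new_connection_count;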
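Review bot: In wolfsentry_route_table_default_policy_set(), the added check rejects a non-empty policy that carries neither verdict bit, but a policy with both WOLFSENTRY_ACTION_RES_ACCEPT and WOLFSENTRY_ACTION_RES_REJECT set still passes, assuming WOLFSENTRY_MASKIN_BITS is a plain bitwise AND (its definition is not shown here). For a table-wide default verdict that ambiguity is better closed at the setter than left to whichever bit the dispatcher happens to test first. If a combined verdict is not meaningful, add a second guard before the mutex is taken: `if (WOLFSENTRY_MASKIN_BITS(default_policy, WOLFSENTRY_ACTION_RES_ACCEPT) && WOLFSENTRY_MASKIN_BITS(default_policy, WOLFSENTRY_ACTION_RES_REJECT)) WOLFSENTRY_ERROR_RETURN(INVALID_ARG);`. The function body continues past the end of the hunk, so any later handling of the stored policy is not visible.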
