func()

in pcap-cli/internal/transformer/translator_worker.go [425:480]


// isL4Allowed evaluates the configured transport-layer filters (protocol,
// TCP flags, ports) against the packet's TCP or UDP layer.
//
// It returns pointers to the source and destination ports when a TCP or UDP
// layer is present (nil, nil otherwise) and a verdict: true when the packet
// passes, false when a filter rejects it. When a port filter is configured
// the result of arePortsAllowed is returned as-is.
//
// NOTE(review): a packet with neither a TCP nor a UDP layer is accepted
// ("fail open") even when L4 filters are configured. Confirm that callers do
// not rely on this method alone to exclude other protocols when a protocol
// filter is set.
func (w *pcapTranslatorWorker) isL4Allowed(
	ctx context.Context,
) (*uint16, *uint16, bool) {
	// Which filter families are configured; queried once, before any layer lookup.
	hasProtos := w.filters.HasL4Protos()
	hasFlags := w.filters.HasTCPflags()
	hasPorts := w.filters.HasL4Addrs()

	if l := w.asLayer(ctx, layers.LayerTypeTCP); l != nil {
		// NOTE(review): unchecked assertion; relies on asLayer handing back a
		// *layers.TCP for LayerTypeTCP, otherwise this panics.
		tcp := l.(*layers.TCP)
		src, dst := uint16(tcp.SrcPort), uint16(tcp.DstPort)

		// fail fast: TCP itself is filtered out, so ports are not inspected
		if hasProtos && !w.filters.AllowsTCP() {
			return &src, &dst, false
		}

		if hasFlags {
			// fail fast: a TCP segment is expected to carry at least one flag,
			// so reject as soon as none of its flags match the filter
			flags := parseTCPflags(tcp)
			if !w.filters.AllowsAnyTCPflags(&flags) {
				return &src, &dst, false
			}
		}

		if !hasPorts {
			return &src, &dst, true
		}
		return w.arePortsAllowed(ctx, &src, &dst)
	}

	l := w.asLayer(ctx, layers.LayerTypeUDP)
	if l == nil {
		// neither TCP nor UDP information is available: fail open
		return nil, nil, true
	}

	// NOTE(review): unchecked assertion, same caveat as the TCP branch.
	udp := l.(*layers.UDP)
	src, dst := uint16(udp.SrcPort), uint16(udp.DstPort)

	// fail fast: UDP itself is filtered out, so ports are not inspected
	if hasProtos && !w.filters.AllowsUDP() {
		return &src, &dst, false
	}

	if !hasPorts {
		return &src, &dst, true
	}
	return w.arePortsAllowed(ctx, &src, &dst)
}