From 8f228e3035bc2ea762523dfb81740d379325bfc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roland=20B=C3=A4r?=
Date: Sat, 16 Jul 2022 17:29:55 +0200
Subject: [PATCH] nic_router: no ICMP on unroutable IPv4 multicast
The NIC router used to send an ICMP "Destination Unreachable" packet as response to every unroutable IPv4 packet. However, RFC 1812 section 4.3.2.7 defines certain properties that must be fullfilled by an incoming packet in order to be answered with this type of ICMP. One requirement is that the packet is no IPv4 multicast. This commit prevents sending the mentioned ICMP response for unroutable IPv4 multicasts and instead drops them silently.
Fixes #4563
---
 repos/os/include/net/ipv4.h | 2 ++
 repos/os/src/lib/net/ipv4.cc | 6 ++++++
 repos/os/src/server/nic_router/interface.cc | 18 +++++++++++++++---
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/repos/os/include/net/ipv4.h b/repos/os/include/net/ipv4.h
index 41380a4e1d..3327bf9962 100644
--- a/repos/os/include/net/ipv4.h
+++ b/repos/os/include/net/ipv4.h
@@ -56,6 +56,8 @@ struct Net::Ipv4_address : Network_address
 bool is_in_range(Ipv4_address const &first, Ipv4_address const &last) const;
+
+ bool is_multicast() const;
 } __attribute__((packed));
diff --git a/repos/os/src/lib/net/ipv4.cc b/repos/os/src/lib/net/ipv4.cc
index cc33996343..3e256e9c12 100644
--- a/repos/os/src/lib/net/ipv4.cc
+++ b/repos/os/src/lib/net/ipv4.cc
@@ -41,6 +41,12 @@ void Net::Ipv4_packet::print(Genode::Output &output) const
 }
+bool Ipv4_address::is_multicast() const
+{
+ return (addr[0] & 0xf0) == 0b11100000;
+}
+
+
 bool Ipv4_address::is_in_range(Ipv4_address const &first, Ipv4_address const &last) const {
diff --git a/repos/os/src/server/nic_router/interface.cc b/repos/os/src/server/nic_router/interface.cc
index 77df57ff0d..25b74247af 100644
--- a/repos/os/src/server/nic_router/interface.cc
+++ b/repos/os/src/server/nic_router/interface.cc
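Review bot: In `Ipv4_address::is_multicast` (repos/os/src/lib/net/ipv4.cc) the mask is written in hex and the expected value in binary, which makes the 224.0.0.0/4 test harder to read than it needs to be. Using one radix and naming the range would help: a comment `/* 224.0.0.0/4: upper four bits of the first octet are 1110 */` above `return (addr[0] & 0xf0) == 0xe0;`. The comparison itself matches the IPv4 multicast range as written, and the declaration added in ipv4.h could carry the same one-line comment.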
@@ -1391,9 +1391,21 @@ void Interface::_handle_ip(Ethernet_frame ð,
 return; }
- /* give up and drop packet */
- _send_icmp_dst_unreachable(local_intf, eth, ip,
- Icmp_packet::Code::DST_NET_UNREACHABLE);
+ /*
+ * Give up and drop packet. According to RFC 1812 section 4.3.2.7, an ICMP
+ * "Destination Unreachable" is sent as response only if the dropped
+ * packet fullfills certain properties.
+ *
+ * FIXME
+ *
+ * There are some properties required by the RFC that are not yet checked
+ * at this point.
+ */
+ if(not ip.dst().is_multicast()) {
+
+ _send_icmp_dst_unreachable(local_intf, eth, ip,
+ Icmp_packet::Code::DST_NET_UNREACHABLE);
+ }
 if (_config().verbose()) { log("[", local_domain, "] unroutable packet"); } }
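Review bot: The new guard in `_handle_ip` tests only `ip.dst().is_multicast()`, so the other cases RFC 1812 section 4.3.2.7 excludes still produce a "Destination Unreachable": an IP broadcast destination, a frame received as link-layer broadcast or multicast, a non-initial fragment, an ICMP error as the triggering packet, and an invalid source address. These matter beyond conformance, because a router that answers such packets can be made to emit ICMP traffic toward a forged source or to answer errors with errors. The FIXME does not say which properties are missing; listing them there keeps the gap trackable, e.g. `* FIXME: not yet checked: broadcast dst, link-layer broadcast/multicast, non-initial fragment, ICMP error as trigger, invalid src`. On style, the context line `if (_config().verbose()) {` puts a space after `if`, so `if (not ip.dst().is_multicast()) {` without the blank line after the brace would match. `_handle_ip` starts outside this hunk, so any earlier filtering of these cases is not visible here.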