nic_router: no ICMP on unroutable IPv4 multicast

The NIC router used to send an ICMP "Destination Unreachable" packet as
response to every unroutable IPv4 packet. However, RFC 1812 section 4.3.2.7
defines certain properties that must be fullfilled by an incoming packet in
order to be answered with this type of ICMP. One requirement is that the packet
is no IPv4 multicast.

This commit prevents sending the mentioned ICMP response for unroutable IPv4
multicasts and instead drops them silently.

Fixes #4563
This commit is contained in:
Roland Bär 2022-07-16 17:29:55 +02:00 committed by Christian Helmuth
parent 44e2cd14a0
commit 8f228e3035
3 changed files with 23 additions and 3 deletions

View File

@ -56,6 +56,8 @@ struct Net::Ipv4_address : Network_address<IPV4_ADDR_LEN, '.', false>
bool is_in_range(Ipv4_address const &first, bool is_in_range(Ipv4_address const &first,
Ipv4_address const &last) const; Ipv4_address const &last) const;
bool is_multicast() const;
} }
__attribute__((packed)); __attribute__((packed));

View File

@ -41,6 +41,12 @@ void Net::Ipv4_packet::print(Genode::Output &output) const
} }
bool Ipv4_address::is_multicast() const
{
return (addr[0] & 0xf0) == 0b11100000;
}
bool Ipv4_address::is_in_range(Ipv4_address const &first, bool Ipv4_address::is_in_range(Ipv4_address const &first,
Ipv4_address const &last) const Ipv4_address const &last) const
{ {

View File

@ -1391,9 +1391,21 @@ void Interface::_handle_ip(Ethernet_frame &eth,
return; return;
} }
/* give up and drop packet */ /*
* Give up and drop packet. According to RFC 1812 section 4.3.2.7, an ICMP
* "Destination Unreachable" is sent as response only if the dropped
* packet fullfills certain properties.
*
* FIXME
*
* There are some properties required by the RFC that are not yet checked
* at this point.
*/
if(not ip.dst().is_multicast()) {
_send_icmp_dst_unreachable(local_intf, eth, ip, _send_icmp_dst_unreachable(local_intf, eth, ip,
Icmp_packet::Code::DST_NET_UNREACHABLE); Icmp_packet::Code::DST_NET_UNREACHABLE);
}
if (_config().verbose()) { if (_config().verbose()) {
log("[", local_domain, "] unroutable packet"); } log("[", local_domain, "] unroutable packet"); }
} }