nic_router: do not leak packets on link down/up

Do not send nor buffer packets at interfaces with link state "down". This prevents that packets that were routed to one network (allowed to see them), due to a sudden link down/up, are leaked to another network that is not allowed to see them.
2024-12-21 14:37:50 +00:00 · 2018-05-27 16:27:38 +02:00 · 2018-05-27 16:27:38 +02:00 · a3905fcf87
commit a3905fcf87
parent 1306892fbf
4 changed files with 27 additions and 3 deletions
--- a/repos/os/src/server/nic_router/interface.cc
+++ b/repos/os/src/server/nic_router/interface.cc
@ -1559,6 +1559,19 @@ void Interface::handle_config_1(Configuration &config)
 }


+void Interface::_failed_to_send_packet_link()
+{
+	if (_config().verbose()) {
+		log("[", _domain(), "] failed to send packet (link down)"); }
+}
+
+
+void Interface::_failed_to_send_packet_alloc()
+{
+	log("[", _domain(), "] failed to send packet (packet alloc failed)");
+}
+
+
 void Interface::handle_config_2()
 {
 	Domain_name const &new_domain_name = _policy.determine_domain_name();
--- a/repos/os/src/server/nic_router/interface.h
+++ b/repos/os/src/server/nic_router/interface.h
@ -273,10 +273,14 @@ class Net::Interface : private Interface_list::Element

 		void _apply_foreign_arp();

+		void _failed_to_send_packet_link();
+
+		void _failed_to_send_packet_alloc();
+
 		void _send_icmp_dst_unreachable(Ipv4_address_prefix const &local_intf,
 		                                Ethernet_frame      const &req_eth,
 		                                Ipv4_packet         const &req_ip,
-                                        Icmp_packet::Code   const  code);
+		                                Icmp_packet::Code   const  code);

 		/*******************
 		 ** Pure virtuals **
@ -338,6 +342,10 @@ class Net::Interface : private Interface_list::Element
 		template <typename FUNC>
 		void send(Genode::size_t pkt_size, FUNC && write_to_pkt)
 		{
+			if (!_link_state()) {
+				_failed_to_send_packet_link();
+				return;
+			}
 			try {
 				Packet_descriptor  pkt;
 				void              *pkt_base;
@ -348,7 +356,7 @@ class Net::Interface : private Interface_list::Element
 				_send_submit_pkt(pkt, pkt_base, pkt_size);
 			}
 			catch (Packet_stream_source::Packet_alloc_failed) {
-				Genode::warning("failed to allocate packet");
+				_failed_to_send_packet_alloc();
 			}
 		}

--- a/repos/os/src/server/nic_router/uplink.cc
+++ b/repos/os/src/server/nic_router/uplink.cc
@ -42,11 +42,13 @@ Net::Uplink::Uplink(Env                 &env,
 	tx_channel()->sigh_ack_avail(_source_ack);
 	tx_channel()->sigh_ready_to_submit(_source_submit);
 	Nic::Connection::link_state_sigh(_link_state_handler);
+	_link_state_ = link_state();
 }


 void Net::Uplink::_handle_link_state()
 {
+	_link_state_ = link_state();
 	try { domain().discard_ip_config(); }
 	catch (Domain::Ip_config_static) { }
 }
--- a/repos/os/src/server/nic_router/uplink.h
+++ b/repos/os/src/server/nic_router/uplink.h
@ -63,6 +63,7 @@ class Net::Uplink : public Uplink_base,
 		};

 		Genode::Session_label    const &_label;
+		bool                            _link_state_ { false };
 		Genode::Signal_handler<Uplink>  _link_state_handler;

 		Ipv4_address_prefix _read_interface();
@ -76,7 +77,7 @@ class Net::Uplink : public Uplink_base,

 		Packet_stream_sink   &_sink()       override { return *rx(); }
 		Packet_stream_source &_source()     override { return *tx(); }
-		bool                  _link_state() override { return link_state(); }
+		bool                  _link_state() override { return _link_state_; }

 	public: