Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-06-07 17:33:08 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

net/: Add missing packet filtering checks

Browse Source 
NuttX provides the UDP_BINDTODEVICE socket option.  This is a UDP protocol-specific implementation of the semi-standard Linux SO_BINDTODEVICE socket option:  "SO_BINDTODEVICE forces packets on the socket to only egress the bound interface, regardless of what the IP routing table would normally choose. Similarly only packets which ingress the bound interface will be received on the socket, packets from other interfaces will not be delivered to the socket." https://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html

If CONFIG_NET_UDP_BINDTODEVICE is selected and a UDP socket is bound to the device, then unrecognized packets UDP packets must not be dropped, but must be forwarded along to the bound socket unconditionally.

It the typical case, this should have no impact.  It does effect the applications that use DHCP and do select the UDP_BINDTODEVICE socket option.

This PR replace existing improper logic in the code and also the improper attempts to fix problems from PR #3601 and PR #3598.  Those changes are improper because they expose DHCP appliction dependencies in the OS, breaking modularity and independence of the OS and application.

Tested with stm32f4discovery:netnsh with CONFIG_NET_UDP_BINDTODEVICE.  A proper DHCP test setup is needed, however.
This commit is contained in:
Gregory Nutt
2021-04-28 14:18:16 -06:00
committed by archer
parent 27e0725a4e
commit 7332d2decf
5 changed files with 115 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/net/if.h
+5 -1
View File
@@ -44,6 +44,7 @@
#define IFF_UP (1 << 1) /* Interface is up */
#define IFF_RUNNING (1 << 2) /* Carrier is available */
#define IFF_IPv6 (1 << 3) /* Configured for IPv6 packet (vs ARP or IPv4) */
#define IFF_BOUND (1 << 4) /* Bound to a socket */
#define IFF_NOARP (1 << 7) /* ARP is not required for this packet */
/* Interface flag helpers */
@@ -51,20 +52,23 @@
#define IFF_SET_DOWN(f) do { (f) |= IFF_DOWN; } while (0)
#define IFF_SET_UP(f) do { (f) |= IFF_UP; } while (0)
#define IFF_SET_RUNNING(f) do { (f) |= IFF_RUNNING; } while (0)
#define IFF_SET_BOUND(f) do { (f) |= IFF_BOUND; } while (0)
#define IFF_SET_NOARP(f) do { (f) |= IFF_NOARP; } while (0)
#define IFF_CLR_DOWN(f) do { (f) &= ~IFF_DOWN; } while (0)
#define IFF_CLR_UP(f) do { (f) &= ~IFF_UP; } while (0)
#define IFF_CLR_RUNNING(f) do { (f) &= ~IFF_RUNNING; } while (0)
#define IFF_CLR_BOUND(f) do { (f) &= ~IFF_BOUND; } while (0)
#define IFF_CLR_NOARP(f) do { (f) &= ~IFF_NOARP; } while (0)
#define IFF_IS_DOWN(f) (((f) & IFF_DOWN) != 0)
#define IFF_IS_UP(f) (((f) & IFF_UP) != 0)
#define IFF_IS_RUNNING(f) (((f) & IFF_RUNNING) != 0)
#define IFF_IS_BOUND(f) (((f) & IFF_BOUND) != 0)
#define IFF_IS_NOARP(f) (((f) & IFF_NOARP) != 0)
/* We only need to manage the IPv6 bit if both IPv6 and IPv4 are supported.
* Otherwise, we can save a few bytes by ignoring it.
* Otherwise, we can save a few bytes by ignoring it.
*/
#if defined(CONFIG_NET_IPv4) && defined(CONFIG_NET_IPv6)