net/: Add missing packet filtering checks

NuttX provides the UDP_BINDTODEVICE socket option.  This is a UDP protocol-specific implementation of the semi-standard Linux SO_BINDTODEVICE socket option:  "SO_BINDTODEVICE forces packets on the socket to only egress the bound interface, regardless of what the IP routing table would normally choose. Similarly only packets which ingress the bound interface will be received on the socket, packets from other interfaces will not be delivered to the socket." https://codingrelic.geekhold.com/2009/10/code-snippet-sobindtodevice.html

If CONFIG_NET_UDP_BINDTODEVICE is selected and a UDP socket is bound to the device, then unrecognized UDP packets must not be dropped, but must be forwarded along to the bound socket unconditionally.

In the typical case, this should have no impact.  It does affect the applications that use DHCP and do select the UDP_BINDTODEVICE socket option.

This PR replaces existing improper logic in the code and also the improper attempts to fix problems from PR #3601 and PR #3598.  Those changes are improper because they expose DHCP application dependencies in the OS, breaking modularity and independence of the OS and application.

Tested with stm32f4discovery:netnsh with CONFIG_NET_UDP_BINDTODEVICE.  A proper DHCP test setup is needed, however.
Gregory Nutt
2021-04-28 14:18:16 -06:00
committed by archer
parent 27e0725a4e
commit 7332d2decf
5 changed files with 115 additions and 26 deletions
+8 -1
@@ -297,7 +297,14 @@ int ipv4_input(FAR struct net_driver_s *dev)
}
else
#endif
if (ipv4->proto != IP_PROTO_UDP)
#if defined(NET_UDP_HAVE_STACK) && defined(CONFIG_NET_UDP_BINDTODEVICE)
/* If the UDP protocol specific socket option UDP_BINDTODEVICE
* is selected, then we must forward all UDP packets to the bound
* socket.
*/
if (ipv4->proto != IP_PROTO_UDP || !IFF_IS_BOUND(dev->d_flags))
#endif
{
/* Not destined for us and not forwardable... Drop the
* packet.
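Review bot: the new test `ipv4->proto != IP_PROTO_UDP || !IFF_IS_BOUND(dev->d_flags)` keys on the device flags, not on a socket, so once the interface is marked bound every UDP packet arriving on it skips this drop regardless of destination address or port. The added comment says the packets are forwarded "to the bound socket", but nothing in this hunk ties them to that socket. Suggest stating in the comment that the destination-address check is bypassed for the whole interface, and that the UDP input path is expected to deliver only to the connection bound to `dev` and discard everything else.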
+8 -1
@@ -433,7 +433,14 @@ int ipv6_input(FAR struct net_driver_s *dev)
}
else
#endif
if (nxthdr != IP_PROTO_UDP)
#if defined(NET_UDP_HAVE_STACK) && defined(CONFIG_NET_UDP_BINDTODEVICE)
/* If the UDP protocol specific socket option UDP_BINDTODEVICE
* is selected, then we must forward all UDP packets to the bound
* socket.
*/
if (nxthdr != IP_PROTO_UDP || !IFF_IS_BOUND(dev->d_flags))
#endif
{
/* Not destined for us and not forwardable...
* drop the packet.
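Review bot: with `CONFIG_NET_UDP_BINDTODEVICE` or `NET_UDP_HAVE_STACK` undefined, the `if (nxthdr != IP_PROTO_UDP || !IFF_IS_BOUND(dev->d_flags))` line is compiled out along with its guard, so the brace block after `#endif` becomes an unconditional drop and the UDP exemption that the plain `if (nxthdr != IP_PROTO_UDP)` provided is gone in those builds. If that is the intent, say so in the comment above the block, because the `else` / `#endif` / `#if` / `if` / `#endif` / `{` sequence makes the disabled-option path easy to misread. The same applies to the matching hunk in ipv4_input().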