net: ipv6: Drop site scope multicast dst address pkt

If we receive an IPv6 packet with site scope multicast address FF05:: then we must drop it as those addresses are reserved for site network traffic only. Fixes zephyrproject-rtos#10960 Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
jukkar · Nov 1, 2018 · fc33a0f · fc33a0f
1 parent de72943
commit fc33a0f
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/include/net/net_ip.h b/include/net/net_ip.h
@@ -688,6 +688,41 @@ static inline bool net_is_ipv6_addr_mcast_iface(const struct in6_addr *addr)
 	return net_is_ipv6_addr_mcast_scope(addr, 0x01);
 }
 
+/**
+ * @brief Check if the IPv6 address is a site scope multicast
+ * address (FFx5::).
+ *
+ * @param addr IPv6 address.
+ *
+ * @return True if the address is a site scope multicast address,
+ * false otherwise.
+ */
+static inline bool net_is_ipv6_addr_mcast_site(const struct in6_addr *addr)
+{
+	return net_is_ipv6_addr_mcast_scope(addr, 0x05);
+}
+
+/**
+ * @brief Check if the IPv6 address belongs to certain multicast group
+ *
+ * @param addr IPv6 address.
+ * @param group Group id IPv6 address, the values must be in network
+ * byte order
+ *
+ * @return True if the IPv6 multicast address belongs to given multicast
+ * group, false otherwise.
+ */
+static inline bool net_is_ipv6_addr_mcast_group(const struct in6_addr *addr,
+						const struct in6_addr *group)
+{
+	return UNALIGNED_GET(&addr->s6_addr16[1]) == group->s6_addr16[1] &&
+		UNALIGNED_GET(&addr->s6_addr16[2]) == group->s6_addr16[2] &&
+		UNALIGNED_GET(&addr->s6_addr16[3]) == group->s6_addr16[3] &&
+		UNALIGNED_GET(&addr->s6_addr32[1]) == group->s6_addr32[1] &&
+		UNALIGNED_GET(&addr->s6_addr32[2]) == group->s6_addr32[1] &&
+		UNALIGNED_GET(&addr->s6_addr32[3]) == group->s6_addr32[3];
+}
+
 /**
  *  @brief Create solicited node IPv6 multicast address
  *  FF02:0:0:0:0:1:FFXX:XXXX defined in RFC 3513

diff --git a/subsys/net/ip/ipv6.c b/subsys/net/ip/ipv6.c
@@ -459,10 +459,17 @@ enum net_verdict net_ipv6_process_pkt(struct net_pkt *pkt, bool is_loopback)
 		goto drop;
 	}
 
-	if (!is_loopback && net_is_ipv6_addr_mcast_iface(&hdr->dst)) {
-		NET_DBG("Dropping interface scope multicast packet");
-		net_stats_update_ipv6_drop(net_pkt_iface(pkt));
-		goto drop;
+	if (!is_loopback) {
+		bool is_empty_group = net_is_ipv6_addr_mcast_group(
+			&hdr->dst, net_ipv6_unspecified_address());
+
+		if (net_is_ipv6_addr_mcast_iface(&hdr->dst) ||
+		    (is_empty_group &&
+		     net_is_ipv6_addr_mcast_site(&hdr->dst))) {
+			NET_DBG("Dropping invalid scope multicast packet");
+			net_stats_update_ipv6_drop(net_pkt_iface(pkt));
+			goto drop;
+		}
 	}
 
 	/* Check extension headers */