Tighten core "for us" check for unicast addresses

kjbracey · deepakvenugopal · commit 934687b85dd5 · 2018-04-24T16:23:52.000+03:00
Basic "is this packet for us" check was special-cased for link-local
addresses, but had no other scope handling.

Tighten this up to apply the scope zones already configured in the
interfaces and used for packet forwarding.

We now only accept a packet on interface B for an address configured on
interface A if A and B are in the same scope zone for that address.

Main visible impact will be that Thread border routers will no longer
accept mesh-local addresses on the Ethernet interface.

Change-Id: Ib79526f1ada36fa409378b4824315221cc543321
diff --git a/source/Core/address.c b/source/Core/address.c
@@ -1354,14 +1354,17 @@ int8_t addr_interface_address_compare(protocol_interface_info_entry_t *cur, cons
         return 0;
     }
 
-    /* If link-local, that's it */
-    if (addr_is_ipv6_link_local(addr)) {
-        return -1;
+    /* Then check other interfaces, enforcing scope zones */
+    uint_fast8_t scope = addr_ipv6_scope(addr, cur);
+    ns_list_foreach(protocol_interface_info_entry_t, other, &protocol_interface_info_list) {
+        if (other != cur &&
+                other->zone_index[scope] == cur->zone_index[scope] &&
+                addr_is_assigned_to_interface(other, addr)) {
+            return 0;
+        }
     }
 
-    /* Now check other interfaces */
-    /* TODO: should only do this if both current and other interface have forwarding enabled */
-    return protcol_interface_address_compare(cur, addr);
+    return -1;
 }
 
 int8_t addr_interface_select_source(protocol_interface_info_entry_t *cur, uint8_t *src_ptr, const uint8_t *dest, uint32_t addr_preferences)
diff --git a/source/Core/ns_socket.c b/source/Core/ns_socket.c
@@ -1301,7 +1301,7 @@ int16_t socket_buffer_sendmsg(int8_t sid, buffer_t *buf, const struct ns_msghdr
      * address is valid in one of the available interfaces
      * */
     if (buf->src_sa.addr_type == ADDR_IPV6 &&
-        protcol_interface_address_compare(NULL, buf->src_sa.address) != 0) {
+        protocol_interface_address_compare(buf->src_sa.address) != 0) {
         tr_warn("Specified source address %s is not valid",trace_ipv6(buf->src_sa.address));
         ret_val = -3;
         goto fail;
diff --git a/source/NWK_INTERFACE/Include/protocol.h b/source/NWK_INTERFACE/Include/protocol.h
@@ -507,5 +507,5 @@ extern void protocol_core_dhcpv6_allocated_address_remove(protocol_interface_inf
 
 extern void nwk_bootsrap_state_update(arm_nwk_interface_status_type_e posted_event, protocol_interface_info_entry_t *cur);
 void bootsrap_next_state_kick(icmp_state_t new_state, protocol_interface_info_entry_t *cur);
-int8_t protcol_interface_address_compare(protocol_interface_info_entry_t *cur, const uint8_t *addr);
+int8_t protocol_interface_address_compare(const uint8_t *addr);
 #endif /* _NS_PROTOCOL_H */
diff --git a/source/NWK_INTERFACE/protocol_core.c b/source/NWK_INTERFACE/protocol_core.c
@@ -1085,10 +1085,12 @@ void protocol_core_dhcpv6_allocated_address_remove(protocol_interface_info_entry
     }
 }
 
-int8_t protcol_interface_address_compare(protocol_interface_info_entry_t *cur, const uint8_t *addr)
+/* XXX note that this does not perform any scope checks, so will for example match
+ * link local addresses on any interface - you may want addr_interface_address_compare */
+int8_t protocol_interface_address_compare(const uint8_t *addr)
 {
-    ns_list_foreach(protocol_interface_info_entry_t, other, &protocol_interface_info_list) {
-        if (other != cur && addr_is_assigned_to_interface(other, addr)) {
+    ns_list_foreach(protocol_interface_info_entry_t, cur, &protocol_interface_info_list) {
+        if (addr_is_assigned_to_interface(cur, addr)) {
             return 0;
         }
     }
diff --git a/source/RPL/rpl_control.c b/source/RPL/rpl_control.c
@@ -855,7 +855,7 @@ static buffer_t *rpl_control_dio_handler(protocol_interface_info_entry_t *cur, r
     }
 
     /* Even if we're not currently rooting - what if it's our address? Ignore stale info on network */
-    if (protcol_interface_address_compare(NULL, dodagid) == 0) {
+    if (addr_interface_address_compare(cur, dodagid) == 0) {
         tr_info("DIO our DODAGID %s", trace_ipv6(dodagid));
         /* Should we transmit poison? */
         goto invalid_parent;
diff --git a/source/RPL/rpl_downward.c b/source/RPL/rpl_downward.c
@@ -1059,7 +1059,7 @@ static bool rpl_downward_process_targets_for_transit(rpl_dodag_t *dodag, bool st
                         /* In Non-Storing mode, add the transit to the target, and we'll re-evaluate system routes later */
                         ipv6_route_table_remove_info(-1, ROUTE_RPL_DAO_SR, target);
                         if (transit_opt) {
-                            if (protcol_interface_address_compare(NULL, parent) == 0) {
+                            if (protocol_interface_address_compare(parent) == 0) {
                                 /* If we're transit, it's on-link */
                                 ipv6_route_add_with_info(prefix, prefix_len, interface_id, NULL, ROUTE_RPL_DAO_SR, target, 0, target->lifetime, 0);
                             } else {
@@ -1122,7 +1122,7 @@ static void rpl_downward_link_transits_to_targets(rpl_instance_t *instance)
     }
     ns_list_foreach(rpl_dao_target_t, target, &instance->dao_targets) {
         ns_list_foreach(rpl_dao_root_transit_t, transit, &target->info.root.transits) {
-            if (protcol_interface_address_compare(NULL, transit->transit) == 0) {
+            if (protocol_interface_address_compare(transit->transit) == 0) {
                 /* It points to us (the DODAG root) - mark this with NULL */
                 transit->parent = NULL;
                 target->connected = true;
diff --git a/source/libNET/src/socket_api.c b/source/libNET/src/socket_api.c
@@ -656,7 +656,7 @@ int8_t socket_bind(int8_t socket, const ns_address_t *address)
             return -4;
         }
 
-        if (protcol_interface_address_compare(NULL, address->address) != 0) {
+        if (protocol_interface_address_compare(address->address) != 0) {
             return -3;
         }
 
diff --git a/test/nanostack/unittest/stub/protocol_core_stub.c b/test/nanostack/unittest/stub/protocol_core_stub.c
@@ -234,7 +234,7 @@ void protocol_core_dhcpv6_allocated_address_remove(protocol_interface_info_entry
 {
 }
 
-int8_t protcol_interface_address_compare(protocol_interface_info_entry_t *cur, const uint8_t *addr)
+int8_t protocol_interface_address_compare(const uint8_t *addr)
 {
     return protocol_core_stub.int8_value;
 }

Original file line number	Diff line number	Diff line change
`@@ -1085,10 +1085,12 @@ void protocol_core_dhcpv6_allocated_address_remove(protocol_interface_info_entry`
`1085`	`1085`	`}`
`1086`	`1086`	`}`
`1087`	`1087`
`1088`		`-int8_t protcol_interface_address_compare(protocol_interface_info_entry_t cur, const uint8_t addr)`
	`1088`	`+/* XXX note that this does not perform any scope checks, so will for example match`
	`1089`	`+ * link local addresses on any interface - you may want addr_interface_address_compare */`
	`1090`	`+int8_t protocol_interface_address_compare(const uint8_t *addr)`
`1089`	`1091`	`{`
`1090`		`- ns_list_foreach(protocol_interface_info_entry_t, other, &protocol_interface_info_list) {`
`1091`		`- if (other != cur && addr_is_assigned_to_interface(other, addr)) {`
	`1092`	`+ ns_list_foreach(protocol_interface_info_entry_t, cur, &protocol_interface_info_list) {`
	`1093`	`+ if (addr_is_assigned_to_interface(cur, addr)) {`
`1092`	`1094`	`return 0;`
`1093`	`1095`	`}`
`1094`	`1096`	`}`
Original file line number	Diff line number	Diff line change
`@@ -855,7 +855,7 @@ static buffer_t rpl_control_dio_handler(protocol_interface_info_entry_t cur, r`
`855`	`855`	`}`
`856`	`856`
`857`	`857`	`/* Even if we're not currently rooting - what if it's our address? Ignore stale info on network */`
`858`		`- if (protcol_interface_address_compare(NULL, dodagid) == 0) {`
	`858`	`+ if (addr_interface_address_compare(cur, dodagid) == 0) {`
`859`	`859`	`tr_info("DIO our DODAGID %s", trace_ipv6(dodagid));`
`860`	`860`	`/* Should we transmit poison? */`
`861`	`861`	`goto invalid_parent;`
Original file line number	Diff line number	Diff line change
`@@ -656,7 +656,7 @@ int8_t socket_bind(int8_t socket, const ns_address_t *address)`
`656`	`656`	`return -4;`
`657`	`657`	`}`
`658`	`658`
`659`		`- if (protcol_interface_address_compare(NULL, address->address) != 0) {`
	`659`	`+ if (protocol_interface_address_compare(address->address) != 0) {`
`660`	`660`	`return -3;`
`661`	`661`	`}`
`662`	`662`
Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ void protocol_core_dhcpv6_allocated_address_remove(protocol_interface_info_entry`
`234`	`234`	`{`
`235`	`235`	`}`
`236`	`236`
`237`		`-int8_t protcol_interface_address_compare(protocol_interface_info_entry_t cur, const uint8_t addr)`
	`237`	`+int8_t protocol_interface_address_compare(const uint8_t *addr)`
`238`	`238`	`{`
`239`	`239`	`return protocol_core_stub.int8_value;`
`240`	`240`	`}`