Merge pull request #407 from hannesm/ip-of-interest

only handle IPv4 packets that are of interest to us (either destination ip matches or it is broadcast), remove should_reply from icmp
mirage · Apr 25, 2019 · e50f759 · e50f759
2 parents 3061285 + 79e75c7
commit e50f759
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/src/icmp/icmpv4.ml b/src/icmp/icmpv4.ml
@@ -32,9 +32,8 @@ module Make(IP : Mirage_protocols_lwt.IPV4) = struct
 
   let write t ~dst buf = writev t ~dst [buf]
 
-  let input t ~src ~dst buf =
+  let input t ~src ~dst:_ buf =
     let open Icmpv4_packet in
-    let should_reply t dst = List.mem dst @@ IP.get_ip t.ip in
     MProf.Trace.label "icmp_input";
     match Unmarshal.of_cstruct buf with
     | Error s ->
@@ -56,7 +55,7 @@ module Make(IP : Mirage_protocols_lwt.IPV4) = struct
         Log.debug (fun f ->
             f "ICMP echo-request received: %a (payload %a)"
               Icmpv4_packet.pp message Cstruct.hexdump_pp payload);
-        if t.echo_reply && should_reply t dst then begin
+        if t.echo_reply then begin
           let icmp = {
             code = 0x00;
             ty   = Icmpv4_wire.Echo_reply;

diff --git a/src/ipv4/static_ipv4.ml b/src/ipv4/static_ipv4.ml
@@ -147,17 +147,25 @@ module Make (R: Mirage_random.C) (C: Mirage_clock.MCLOCK) (Ethernet: Mirage_prot
       end else (* error out, as described in the semantics *)
         Lwt.return (Error `Would_fragment)
 
-  (* TODO: ought we to check to make sure the destination is relevant here?  currently we'll process all incoming packets, regardless of destination address *)
   let input t ~tcp ~udp ~default buf =
     match Ipv4_packet.Unmarshal.of_cstruct buf with
     | Error s ->
       Log.info (fun m -> m "error %s while parsing IPv4 frame %a" s Cstruct.hexdump_pp buf);
       Lwt.return_unit
     | Ok (packet, payload) ->
-      if Cstruct.len payload = 0 then
-        (Log.info (fun m -> m "dropping zero length IPv4 frame %a" Ipv4_packet.pp packet) ;
-         Lwt.return_unit)
-      else
+      let of_interest ip =
+        Ipaddr.V4.(compare ip t.ip = 0
+                   || compare ip broadcast = 0
+                   || compare ip (Prefix.broadcast t.network) = 0)
+      in
+      if not (of_interest packet.dst) then begin
+        Log.debug (fun m -> m "dropping IP fragment not for us or broadcast %a"
+                      Ipv4_packet.pp packet);
+        Lwt.return_unit
+      end else if Cstruct.len payload = 0 then begin
+        Log.debug (fun m -> m "dropping zero length IPv4 frame %a" Ipv4_packet.pp packet) ;
+        Lwt.return_unit
+      end else
         let ts = C.elapsed_ns t.clock in
         let cache, res = Fragments.process t.cache ts packet payload in
         t.cache <- cache ;