From: Mobashshera Rasool <mrasool@vmware.com>
Date: Mon, 19 Jul 2021 19:31:56 +0000 (+0000)
Subject: pimd: Add TOS check for IGMP conformance
X-Git-Tag: base_8.1~306^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=refs%2Fpull%2F9074%2Fhead;p=mirror%2Ffrr.git

pimd: Add TOS check for IGMP conformance

IGMPv3 packets with invalid TOS should be dropped.
Test Case ID: 4.10
TEST_DESCRIPTION
Every IGMP message described in this document is sent with
IP Precedence of Internetwork Control (e.g., Type of Service
0xc0)
(Tests that IGMPv3 Membership Query Message conforms to
above statement)
TEST_REFERENCE
NEGATIVE: RFC 3376, IGMP Version 3, s4 p7 Message Formats
Issue: #9071

Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
---

diff --git a/pimd/pim_igmp.c b/pimd/pim_igmp.c
index 069c515971..477cf991b4 100644
--- a/pimd/pim_igmp.c
+++ b/pimd/pim_igmp.c
@@ -494,6 +494,17 @@ bool pim_igmp_verify_header(struct ip *ip_hdr, size_t len, int igmp_msg_len,
 		}
 	}
 
+	if ((msg_type == PIM_IGMP_V3_MEMBERSHIP_REPORT)
+	    || ((msg_type == PIM_IGMP_MEMBERSHIP_QUERY)
+		&& (igmp_msg_len >= IGMP_V3_SOURCES_OFFSET))) {
+		/* All IGMPv3 messages must be received with TOS set to 0xC0*/
+		if (ip_hdr->ip_tos != IPTOS_PREC_INTERNETCONTROL) {
+			zlog_warn("Received IGMP Packet with invalid TOS %u",
+				  ip_hdr->ip_tos);
+			return -1;
+		}
+	}
+
 	return true;
 }