From 23a2f90a0055c86b89a5e257d08ce5ecdd321baf Mon Sep 17 00:00:00 2001 From: saravanank Date: Sun, 15 Mar 2020 23:52:43 -0700 Subject: [PATCH] pimd: Add check for pim join, hello and assert to drop pkts without all-pim-routers dest. This is as per RFC. This is identified when conformance suite catched join. RCA: Packets were processed without checking allowed dest IP for that packet. Fix: Added check for dest IP Converted this check to a function Signed-off-by: Saravanan K --- pimd/pim_pim.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/pimd/pim_pim.c b/pimd/pim_pim.c index 8d7a921cf4..a76fbed203 100644 --- a/pimd/pim_pim.c +++ b/pimd/pim_pim.c @@ -137,6 +137,18 @@ void pim_sock_delete(struct interface *ifp, const char *delete_message) sock_close(ifp); } +/* For now check dst address for hello, assrt and join/prune is all pim rtr */ +static bool pim_pkt_dst_addr_ok(enum pim_msg_type type, in_addr_t addr) +{ + if ((type == PIM_MSG_TYPE_HELLO) || (type == PIM_MSG_TYPE_ASSERT) + || (type == PIM_MSG_TYPE_JOIN_PRUNE)) { + if (addr != qpim_all_pim_routers_addr.s_addr) + return false; + } + + return true; +} + int pim_pim_packet(struct interface *ifp, uint8_t *buf, size_t len) { struct ip *ip_hdr; @@ -237,6 +249,21 @@ int pim_pim_packet(struct interface *ifp, uint8_t *buf, size_t len) } } + if (!pim_pkt_dst_addr_ok(header->type, ip_hdr->ip_dst.s_addr)) { + char dst_str[INET_ADDRSTRLEN]; + char src_str[INET_ADDRSTRLEN]; + + pim_inet4_dump("", ip_hdr->ip_dst, dst_str, + sizeof(dst_str)); + pim_inet4_dump("", ip_hdr->ip_src, src_str, + sizeof(src_str)); + zlog_warn( + "%s: Ignoring Pkt. Unexpected IP destination %s for %s (Expected: all_pim_routers_addr) from %s", + __func__, dst_str, pim_pim_msgtype2str(header->type), + src_str); + return -1; + } + switch (header->type) { case PIM_MSG_TYPE_HELLO: return pim_hello_recv(ifp, ip_hdr->ip_src, -- 2.39.5