tap: Disallow loopback addresses on tap interface

The "tap" interface, whether it's actually a tuntap device or a qemu
socket, presents a virtual external link between different network hosts.
Hence, loopback addresses make no sense there.  However, nothing prevents
the guest from putting bogus packets with loopback addresses onto the
interface and it's not entirely clear what effect that will have on passt.

Explicitly test for such packets and drop them.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson 2024-02-28 22:25:18 +11:00 committed by Stefano Brivio
parent 3b59b9748a
commit f15be719b3

19
tap.c
View file

@ -610,6 +610,16 @@ resume:
l4_len = htons(iph->tot_len) - hlen; l4_len = htons(iph->tot_len) - hlen;
if (IN4_IS_ADDR_LOOPBACK(&iph->saddr) ||
IN4_IS_ADDR_LOOPBACK(&iph->daddr)) {
char sstr[INET_ADDRSTRLEN], dstr[INET_ADDRSTRLEN];
debug("Loopback address on tap interface: %s -> %s",
inet_ntop(AF_INET, &iph->saddr, sstr, sizeof(sstr)),
inet_ntop(AF_INET, &iph->daddr, dstr, sizeof(dstr)));
continue;
}
if (iph->saddr && c->ip4.addr_seen.s_addr != iph->saddr) if (iph->saddr && c->ip4.addr_seen.s_addr != iph->saddr)
c->ip4.addr_seen.s_addr = iph->saddr; c->ip4.addr_seen.s_addr = iph->saddr;
@ -766,6 +776,15 @@ resume:
if (!(l4h = ipv6_l4hdr(in, i, sizeof(*eh), &proto, &l4_len))) if (!(l4h = ipv6_l4hdr(in, i, sizeof(*eh), &proto, &l4_len)))
continue; continue;
if (IN6_IS_ADDR_LOOPBACK(saddr) || IN6_IS_ADDR_LOOPBACK(daddr)) {
char sstr[INET6_ADDRSTRLEN], dstr[INET6_ADDRSTRLEN];
debug("Loopback address on tap interface: %s -> %s",
inet_ntop(AF_INET6, saddr, sstr, sizeof(sstr)),
inet_ntop(AF_INET6, daddr, dstr, sizeof(dstr)));
continue;
}
if (IN6_IS_ADDR_LINKLOCAL(saddr)) { if (IN6_IS_ADDR_LINKLOCAL(saddr)) {
c->ip6.addr_ll_seen = *saddr; c->ip6.addr_ll_seen = *saddr;