Make sure that incoming DAD NS message is allowed in
so that we can detect duplicate address detection NS packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When packet is routed between interfaces new routing entry is added
to the table. This should not be done for interfaces that do not
support Neighbor Discovery protocol as they are not keep potential
neighbors in the common table.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
When IPv6 packet is received, there is a check of the packet's source
address to verify that it is not interface's non-tentative address.
This commit moves this check to the later stages of processing as
packets that can be routed are dropped in the early stage otherwise.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
Before packet is routed there is a check verifying if the destination
address is not the device's one. However, the check should be limited
to the packet's original interface. Otherwise, packet cannot be routed
if it is destined for an other interface of the device.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
While forwarding a multicast packet decrement hop limit in a common net
buffer. Also, packets with hop limit equal to 0 should not be forwarded.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
Filtering out received packets which source address matches one of our
own addresses has broken the duplicate address detection conflict
reporting.
In case Neighbor Advertisement is sent during DAD collision, the source
address of such packet might be set to the address that triggered the
collision. This address would also be set on our interface, marked as
tentative. Therefore in order to make duplicate address detection work,
we cannot filter out packets in case our own address is still in
tentative state.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit adds a check to determine if the packet wasn't already
forwarded to a given interface.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
Refactor the IP tunneling support as the input callback was removed
in previous commit. The data will flow through the recv callback now
as expected.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Modify internal L4 protocols APIs, to allow to enforce checksum
calculation, regardless of the checksum HW offloading capability.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The additional hooks provide infrastructure to construct
rules on another network stack levels. Main benefit of this
approach is packets are pre-parsed and e.g. IP filter is
easier to implement. These hooks are equivalent of prerouting
and local_in in linux's netfilter.
Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Implement a concept of Route Preference, as specified in RFC 4191. The
Zephyr host will prefer routes with higher preference, if they lead to
the same prefix through different neighbours.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for route lifetime, as defined in RFC 4191. The existing
route adding logic remains the same, if not specified, lifetime is set
to infinite. For routes added with Route Info option from ICMPv6 RA
message, set the expiration timer, according to the route lifetime value
received.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make sure that in_addr/in6_addr structure size match the respective
binary IP address size with BUILD_ASSERT.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Currently prev_hdr_offset always equals 6, which is the offset of
the nexthdr field in the IPv6 header. This value is used to overwrite it
when removing an IPv6 Fragment header, so it will work as long as there
is no other Extension header between the IPv6 header and the Fragment
header.
However this does not work in the other cases: the nexthdr field of the
IPv6 header will be overwritten instead of the nexthdr field of the last
Extension header before the Fragment, leading to unwanted results.
Update prev_hdr_offset so that it always point to the nexthdr field of
the previous header, either the IPv6 header or an Extension header.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
The current validation code waits to process the header before rejecting
it, while some checks can be already enforced when reading the nexthdr
field of the previous header.
The main problem is a wrong pointer field in the resulting ICMPv6 error
message: the pointer should have the offset of the invalid nexthdr
field, while currently it will the offset the invalid header.
To solve that problem, reorganize the loop in two parts: the first
switch validates nexthdr, while the second switch processes the current
header. This allows to reject invalid nexthdr earlier.
The check for duplicated headers is also generalized, so that we can
catch other kind of headers (like the Fragment header).
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
By definition, NET_IPV6_NEXTHDR_NONE is void. So we must stop processing
before trying to read any data, since we will start reading values that
are outside the Extension Header (likely the payload, if any).
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
When an unknown option is encountered, an ICMPv6 error message must be
sent in some cases. The message contains a pointer field, which must be
the offset to the unknown option. Currently the offset is computed from
the beginning of the option list, while it should be computed with
respect to the beginning of the IPv6 header.
Record the offset when reading the option type and pass it later to
ipv6_drop_on_unknown_option() to correctly set the pointer field. Also
rename the argument in ipv6_drop_on_unknown_option() to make the
purpose more clear.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
Currently PADN data are not skipped, which results in the stack to think
that the next header starts in the middle of the padding. We have to
skip the bytes before going on.
Also clarify the PAD1 does not have any length field.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
The current names are confusing. Indeed "nexthdr" if the type of the
header currently processed, while "next_nexthdr" is the nexthdr field of
the current header.
Rename them to improve readability and make it less error-prone.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
This can be used to implement tunneling, VPN etc. The virtual
interfaces can be chained together to support multilayer
network interfaces.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
A cast made assumption on how data is stored.
This commit makes the following test pass on qemu_leon3:
- net.udp
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Added additonal checks in net_ipv6_input to ensure that multicasts
are only passed to the upper layer if the originating interface
actually joined the destination multicast group.
Signed-off-by: Philip Serbin <philip.serbin@lemonbeat.com>
net: route: Add prefix-based ipv6 multicast forwarding
This adds/reenables the feature of multicast routing/forwarding.
The forwarding decision is based on the added multicast routes
and the new network interface flag:
NET_IF_FORWARD_MULTICASTS.
Signed-off-by: Jan Georgi <jan.georgi@lemonbeat.com>
If no other route is found, the network interface prefixes are
evaluated. If a matching interface is found, the packet is sent out on
this interface.
Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com>
The address family of the received packet must be set, before routing
it. E.g. the ethernet driver would drop the packet if this is not
done.
Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com>
Allow user to disable native IP stack and use offloaded IP
stack instead. It is also possible to enable both at the same
time if needed.
Fixes#18105
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that the extension, like HBHO, sub-option length is
not too large.
Fixes#16323
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive IPv6 packet where source address is unspecified
(all zeros), then we need to drop it.
Fixes#17450
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Since the new packet flow came in, payload comes at the end so udp
length for instance is known only when we "finalize" the packet.
However such finalization was still under the condition of chksum
offload, like it used to be in the former flow (udp headers were
inserted). This is obviously wrong but that was not caught with
existing driver in master as none of these drivers offloading
chksum calculation.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that legacy - and unrelated - function named net_pkt_get_data has
been removed, we can rename net_pkt_get_data_new relevantly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The ipv6_handle_ext_hdr_options() can return negative value
but we stored it into unsigned variable and then checked < 0.
Coverity-CID: 190995
Fixes#13830
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
ICMPv6 network packets are processed and consumed (if not dropped)
within `net_icmpv6_input` function. Therefore they shoud not be
passed to the `net_conn_input` function.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
It is now unused anywhere: former net_pkt_get_src/dst_addr where the
only one using it and that has been changed since.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Though these are currently used by the core only, it will be then used
by net_context as well. This one of the steps to get rid of net_pkt's
appdata/appdatalen attributes.
Also normalizing all ip/proto parameters name to ip_hdr and proto_hdr.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
