Changeset 52245 in vbox for trunk/src/VBox/Devices/Network

Timestamp:

Jul 31, 2014 12:06:03 PM (10 years ago)

Author:

vboxsync

Message:

NAT: Drop packets to multicast destinations, the rest of the code is
not prepared to handle multicast meaningfully and doesn't do IGMP.
While here, drop packets to reserved class e addresses too (except to
255.255.255.255 limited broadcast) and drop packets with non-unicast
source addresses.

File:

• trunk/src/VBox/Devices/Network/slirp/ip_input.c (modified) (3 diffs)

trunk/src/VBox/Devices/Network/slirp/ip_input.c

@@ -192 +192 @@
         m_adj(m, ip->ip_len - m->m_len);
 
+    /* source must be unicast */
+    if ((ip->ip_src.s_addr & RT_N2H_U32_C(0xe0000000)) == RT_N2H_U32_C(0xe0000000))
+        goto free_m;
+
     /* check ip_ttl for a correct ICMP reply */
     if (ip->ip_ttl==0 || ip->ip_ttl == 1)
@@ -201 +205 @@
 
     ip->ip_ttl--;
+
+    /*
+     * Drop multicast (class d) and reserved (class e) here.  The rest
+     * of the code is not yet prepared to deal with it.  IGMP is not
+     * implemented either.
+     */
+    if (   (ip->ip_dst.s_addr & RT_N2H_U32_C(0xe0000000)) == RT_N2H_U32_C(0xe0000000)
+        && ip->ip_dst.s_addr != 0xffffffff)
+    {
+        goto free_m;
+    }
+
     /*
      * If offset or IP_MF are set, must reassemble.
@@ -244 +260 @@
     Log2(("NAT: IP datagram to %RTnaipv4 with size(%d) claimed as bad\n",
         ip->ip_dst, ip->ip_len));
+free_m:
     m_freem(pData, m);
 no_free_m: