Changeset 61201 in vbox

Timestamp:

May 26, 2016 1:49:38 AM (9 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

107489

Message:

NAT: Drop packets to multicast and reserved destinations earlier,
so that we don't spam TTL exceeded messages in response to multicast
membership report. Only decrement TTL if a packet is not for us.
If a packet is for another node of our private network, drop it.
The latter should address ticketref:15303, though at IP level.

File:

• trunk/src/VBox/Devices/Network/slirp/ip_input.c (modified) (2 diffs)

trunk/src/VBox/Devices/Network/slirp/ip_input.c

@@ -191 +191 @@
         goto free_m;
 
-    /* check ip_ttl for a correct ICMP reply */
-    if (ip->ip_ttl==0 || ip->ip_ttl == 1)
-    {
-        /* XXX: if we're in destination so perhaps we need to send ICMP_TIMXCEED_REASS */
-        icmp_error(pData, m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, 0, "ttl");
-        goto no_free_m;
-    }
-
-    ip->ip_ttl--;
-    if (ip->ip_sum > RT_H2N_U16_C(0xffffU - (1 << 8)))
-        ip->ip_sum += RT_H2N_U16_C(1 << 8) + 1;
-    else
-        ip->ip_sum += RT_H2N_U16_C(1 << 8);
-
     /*
      * Drop multicast (class d) and reserved (class e) here.  The rest
@@ -215 +201 @@
         goto free_m;
     }
+
+
+    /* do we need to "forward" this packet? */
+    if (!CTL_CHECK_MINE(ip->ip_dst.s_addr))
+    {
+        if (ip->ip_ttl <= 1)
+        {
+            icmp_error(pData, m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, 0, "ttl");
+            goto no_free_m;
+        }
+
+        /* ignore packets to other nodes from our private network */
+        if (   CTL_CHECK_NETWORK(ip->ip_dst.s_addr)
+            && !CTL_CHECK_BROADCAST(ip->ip_dst.s_addr))
+        {
+            /* XXX: send ICMP_REDIRECT_HOST to be pedantic? */
+            goto free_m;
+        }
+
+        ip->ip_ttl--;
+        if (ip->ip_sum > RT_H2N_U16_C(0xffffU - (1 << 8)))
+            ip->ip_sum += RT_H2N_U16_C(1 << 8) + 1;
+        else
+            ip->ip_sum += RT_H2N_U16_C(1 << 8);
+    }
+
 
     /*