mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'fix/lwip_drop_ipv6_if_no_ll' into 'master'
fix(lwip): Add default IPv6 input filter to drop traffic if ipv6 not assigned Closes IDF-10472 See merge request espressif/esp-idf!32165
This commit is contained in:
commit
82a29b7d21
@ -1355,11 +1355,15 @@ menu "LWIP"
|
|||||||
choice LWIP_HOOK_IP6_INPUT
|
choice LWIP_HOOK_IP6_INPUT
|
||||||
prompt "IPv6 packet input"
|
prompt "IPv6 packet input"
|
||||||
depends on LWIP_IPV6
|
depends on LWIP_IPV6
|
||||||
default LWIP_HOOK_IP6_INPUT_NONE
|
default LWIP_HOOK_IP6_INPUT_DEFAULT
|
||||||
help
|
help
|
||||||
Enables custom IPv6 packet input.
|
Enables custom IPv6 packet input.
|
||||||
Setting this to "default" provides weak implementation
|
Setting this to "default" provides weak IDF implementation,
|
||||||
stub that could be overwritten in application code.
|
which drops all incoming IPv6 traffic if the interface has no link local address.
|
||||||
|
(this default implementation is "weak" and could be still overwritten
|
||||||
|
in the application if some additional IPv6 input packet filtering is needed)
|
||||||
|
Setting this to "none" removes this default filter and conforms to the lwIP
|
||||||
|
implementation (which accepts multicasts even if the interface has no link local address)
|
||||||
Setting this to "custom" provides hook's declaration
|
Setting this to "custom" provides hook's declaration
|
||||||
only and expects the application to implement it.
|
only and expects the application to implement it.
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@ -56,11 +56,25 @@ const ip_addr_t *__weak lwip_hook_ip6_select_source_address(struct netif *netif,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_LWIP_HOOK_IP6_INPUT_DEFAULT
|
#ifdef CONFIG_LWIP_HOOK_IP6_INPUT_DEFAULT
|
||||||
|
/**
|
||||||
|
* @brief The default IPv6 input hook checks if we already have an IPv6 address (netif->ip6_addr[0] is link local),
|
||||||
|
* so we drop all incoming IPv6 packets if the input netif has no LL address.
|
||||||
|
*
|
||||||
|
* LWIP accepts IPv6 multicast packets even if the ip6_addr[] for the given address wasn't set,
|
||||||
|
* this may cause trouble if we enable IPv6 SLAAC (LWIP_IPV6_AUTOCONFIG), but have not created any LL address.
|
||||||
|
* If the router sends a packet to all nodes 0xff01::1 with RDNSS servers, it would be accepted and rewrite
|
||||||
|
* DNS server info with IPv6 values (which won't be routable without any IPv6 address assigned)
|
||||||
|
*/
|
||||||
int __weak lwip_hook_ip6_input(struct pbuf *p, struct netif *inp)
|
int __weak lwip_hook_ip6_input(struct pbuf *p, struct netif *inp)
|
||||||
{
|
{
|
||||||
LWIP_UNUSED_ARG(p);
|
/* Check if the first IPv6 address (link-local) is unassigned (all zeros).
|
||||||
LWIP_UNUSED_ARG(inp);
|
* If the address is empty, it indicates that no link-local address has been configured,
|
||||||
|
* and the interface should not accept incoming IPv6 traffic. */
|
||||||
|
if (ip6_addr_isany(ip_2_ip6(&inp->ip6_addr[0]))) {
|
||||||
|
/* We don't have an LL address -> eat this packet here, so it won't get accepted on the input netif */
|
||||||
|
pbuf_free(p);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user