fix(lwip): Add default IPv6 input filter to drop traffic if ipv6 not assigned

* Makes LWIP_HOOK_IP6_INPUT default to LWIP_HOOK_IP6_INPUT_DEFAULT * Updated the stub hook implementation to actually filter out all IPv6 packets if the input netif has no link local address.
2024-10-05 20:47:46 -04:00 · 2024-07-16 16:41:25 +02:00 · 2024-07-16 16:41:25 +02:00 · 98fdb1a97f
commit 98fdb1a97f
parent 3f13adadab
2 changed files with 25 additions and 7 deletions
--- a/components/lwip/Kconfig
+++ b/components/lwip/Kconfig
@ -1295,11 +1295,15 @@ menu "LWIP"
        choice LWIP_HOOK_IP6_INPUT
            prompt "IPv6 packet input"
            depends on LWIP_IPV6
-            default LWIP_HOOK_IP6_INPUT_NONE
+            default LWIP_HOOK_IP6_INPUT_DEFAULT
            help
                Enables custom IPv6 packet input.
-                Setting this to "default" provides weak implementation
-                stub that could be overwritten in application code.
+                Setting this to "default" provides weak IDF implementation,
+                which drops all incoming IPv6 traffic if the interface has no link local address.
+                (this default implementation is "weak" and could be still overwritten
+                in the application if some additional IPv6 input packet filtering is needed)
+                Setting this to "none" removes this default filter and conforms to the lwIP
+                implementation (which accepts multicasts even if the interface has no link local address)
                Setting this to "custom" provides hook's declaration
                only and expects the application to implement it.

--- a/components/lwip/port/hooks/lwip_default_hooks.c
+++ b/components/lwip/port/hooks/lwip_default_hooks.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -56,11 +56,25 @@ const ip_addr_t *__weak lwip_hook_ip6_select_source_address(struct netif *netif,
 #endif

 #ifdef CONFIG_LWIP_HOOK_IP6_INPUT_DEFAULT
+/**
+ * @brief The default IPv6 input hook checks if we already have an IPv6 address (netif->ip6_addr[0] is link local),
+ * so we drop all incoming IPv6 packets if the input netif has no LL address.
+ *
+ * LWIP accepts IPv6 multicast packets even if the ip6_addr[] for the given address wasn't set,
+ * this may cause trouble if we enable IPv6 SLAAC (LWIP_IPV6_AUTOCONFIG), but have not created any LL address.
+ * If the router sends a packet to all nodes 0xff01::1 with RDNSS servers, it would be accepted and rewrite
+ * DNS server info with IPv6 values (which won't be routable without any IPv6 address assigned)
+ */
 int __weak lwip_hook_ip6_input(struct pbuf *p, struct netif *inp)
 {
-    LWIP_UNUSED_ARG(p);
-    LWIP_UNUSED_ARG(inp);
-
+    /* Check if the first IPv6 address (link-local) is unassigned (all zeros).
+     * If the address is empty, it indicates that no link-local address has been configured,
+     * and the interface should not accept incoming IPv6 traffic. */
+    if (ip6_addr_isany(ip_2_ip6(&inp->ip6_addr[0]))) {
+        /* We don't have an LL address -> eat this packet here, so it won't get accepted on the input netif */
+        pbuf_free(p);
+        return 1;
+    }
    return 0;
 }
 #endif