Pau Espin Pedrol gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/6099 ggsn: Validate packet src addr from MS Closes: OS#2422 Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442
--- M ggsn/ggsn.c M gtp/gtp.c 2 files changed, 19 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ggsn refs/changes/99/6099/1
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 578389b..97f256e 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -740,7 +740,9 @@
 struct ip6_hdr *ip6h = (struct ip6_hdr *)pack;
 struct tun_t *tun = (struct tun_t *)pdp->ipif;
 struct apn_ctx *apn = tun->priv;
+ char straddr[INET6_ADDRSTRLEN];
 struct ippoolm_t *peer;
+ uint8_t pref_offset;
 OSMO_ASSERT(tun);
 OSMO_ASSERT(apn);
@@ -756,6 +758,16 @@
 return -1;
 }
+ /* Validate packet comes from IPaddr assigned to the pdp ctx.
+ If packet is a LL addr, then EUA is in the lower 64 bits,
+ otherwise it's used as the 64 prefix */
+ pref_offset = IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src) ? 8 : 0;
+ if (memcmp(((uint8_t*)&ip6h->ip6_src) + pref_offset, &peer->addr.v6, 8)) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using unassigned src IPv6: %s\n",
+ inet_ntop(AF_INET6, &ip6h->ip6_src, straddr, sizeof(straddr)));
+ return -1;
+ }
+
 /* daddr: all-routers multicast addr */
 if (IN6_ARE_ADDR_EQUAL(&ip6h->ip6_dst, &all_router_mcast_addr))
 return handle_router_mcast(pdp->gsn, pdp, &peer->addr.v6,
@@ -768,6 +780,13 @@
 osmo_hexdump(pack, len));
 return -1;
 }
+
+ /* Validate packet comes from IPaddr assigned to the pdp ctx */
+ if (memcmp(&iph->saddr, &peer->addr.v4, sizeof(peer->addr.v4))) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using unassigned src IPv4: %s\n",
+ inet_ntop(AF_INET, &iph->saddr, straddr, sizeof(straddr)));
+ return -1;
+ }
 break;
 default:
 LOGPPDP(LOGL_ERROR, pdp, "Packet from MS is neither IPv4 nor IPv6: %s\n",
diff --git a/gtp/gtp.c b/gtp/gtp.c
index 2abc32e..42e84a7 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
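Review bot: The new source check in `@@ -756,6 +758,16 @@` reads `ip6h->ip6_src` straight out of `pack`, and nothing visible in the hunk shows `len` being compared with the IPv6 header size first; the function starts above the hunk, so that check may already exist there and should be confirmed. If it does not, a truncated packet from the MS makes the `memcmp` read past the received data, and a guard such as `if (len < sizeof(*ip6h)) return -1;` belongs ahead of the comparison. The IPv4 check added at `@@ -768,6 +780,13 @@` reads `iph->saddr` the same way and would need the equivalent `sizeof(*iph)` guard. The bare `8` used for both the link-local offset and the compare length would also read better as one named constant for the 64-bit prefix length.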
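Review bot: Both rejection paths log at `LOGL_ERROR` for every offending packet, in `@@ -768,6 +780,13 @@` and in the IPv6 branch at `@@ -756,6 +758,16 @@`, so a subscriber sending a steady stream of packets with a wrong source address decides how fast the GGSN log grows. Dropping the packet is the right outcome; the reporting would be safer as a per-drop counter, with the log line moved to a lower level such as `LOGL_NOTICE` or rate-limited. The TODO removed from gtp/gtp.c in this change also mentioned destination addresses, which are not validated here, so a short comment such as `/* dst addr of MS packets is intentionally not validated */` would keep that gap visible. The enclosing switch continues outside the hunk.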
@@ -2698,7 +2698,6 @@
 int hlen;
- /* Need to include code to verify packet src and dest addresses */
 struct pdp_t *pdp;
 switch (version) {
--
To view, visit https://gerrit.osmocom.org/6099 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>