This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged. Change subject: ggsn: Validate packet src addr from MS ...................................................................... ggsn: Validate packet src addr from MS Closes: OS#2422 Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442 --- M ggsn/ggsn.c M gtp/gtp.c 2 files changed, 19 insertions(+), 1 deletion(-) Approvals: Max: Looks good to me, but someone else must approve Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c index 7954d5e..6645d4c 100644 --- a/ggsn/ggsn.c +++ b/ggsn/ggsn.c @@ -736,7 +736,9 @@ struct ip6_hdr *ip6h = (struct ip6_hdr *)pack; struct tun_t *tun = (struct tun_t *)pdp->ipif; struct apn_ctx *apn = tun->priv; + char straddr[INET6_ADDRSTRLEN]; struct ippoolm_t *peer; + uint8_t pref_offset; OSMO_ASSERT(tun); OSMO_ASSERT(apn); @@ -752,6 +754,16 @@ return -1; } + /* Validate packet comes from IPaddr assigned to the pdp ctx. + If packet is a LL addr, then EUA is in the lower 64 bits, + otherwise it's used as the 64 prefix */ + pref_offset = IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src) ? 8 : 0; + if (memcmp(((uint8_t*)&ip6h->ip6_src) + pref_offset, &peer->addr.v6, 8)) { + LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using unassigned src IPv6: %s\n", + inet_ntop(AF_INET6, &ip6h->ip6_src, straddr, sizeof(straddr))); + return -1; + } + /* daddr: all-routers multicast addr */ if (IN6_ARE_ADDR_EQUAL(&ip6h->ip6_dst, &all_router_mcast_addr)) return handle_router_mcast(pdp->gsn, pdp, &peer->addr.v6, @@ -764,6 +776,13 @@ osmo_hexdump(pack, len)); return -1; } + + /* Validate packet comes from IPaddr assigned to the pdp ctx */ + if (memcmp(&iph->saddr, &peer->addr.v4, sizeof(peer->addr.v4))) { + LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using unassigned src IPv4: %s\n", + inet_ntop(AF_INET, &iph->saddr, straddr, sizeof(straddr))); + return -1; + } break; default: LOGPPDP(LOGL_ERROR, pdp, "Packet from MS is neither IPv4 nor IPv6: %s\n", diff --git a/gtp/gtp.c b/gtp/gtp.c index 2abc32e..42e84a7 100644 --- a/gtp/gtp.c +++ b/gtp/gtp.c @@ -2698,7 +2698,6 @@ int hlen; - /* Need to include code to verify packet src and dest addresses */ struct pdp_t *pdp; switch (version) { -- To view, visit https://gerrit.osmocom.org/6099 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442 Gerrit-PatchSet: 3 Gerrit-Project: osmo-ggsn Gerrit-Branch: master Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: Max <msuraev at sysmocom.de>