From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 3F19C5A0275
	for <passt-dev@passt.top>; Tue,  6 Feb 2024 02:17:49 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1707182260;
	bh=dGzRyqoVuK3SLJwt4SkDE7utcJdABoagfFtfD/Zr/uo=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=ndlYp1iaLuYS6L5rd0ENV6jpMrKYbV/GL9J/AfkUkPjzzlwQilh3neeIZ5XSpfiAp
	 H4mtLpNfzVFdQY0DBn3imr5UX1faPdBYxozOPKAqQ3YTxNVy4hbT6b77WB88bODnaV
	 DNgXUwEWEMr2A7khAwLMTg0YOT2e6lFsuy2MZEtXnL3Zjp1Z7U0rDmG1VRqiea3pX2
	 y1rveNKBWXszFM9D+kb+4Z6Pc83V61BSWZLhNJjGPx2e3j7jkhAw+R0G9IiNjSKq7G
	 kY0crs7Eb/Rohe5A4VCEjlrYBOgVfxJvcYMPo7IK4dSusrGeC7ZT8csvHDnviPG1zE
	 /S4gq/yP0pDxw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4TTQN424Xmz4x0t; Tue,  6 Feb 2024 12:17:40 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH v2 20/22] tap: Disallow loopback addresses on tap interface
Date: Tue,  6 Feb 2024 12:17:32 +1100
Message-ID: <20240206011734.884138-21-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240206011734.884138-1-david@gibson.dropbear.id.au>
References: <20240206011734.884138-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 25PXPY5IAD27QMUSXQCM64OMK7LUU4UB
X-Message-ID-Hash: 25PXPY5IAD27QMUSXQCM64OMK7LUU4UB
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240206011734.884138-21-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/25PXPY5IAD27QMUSXQCM64OMK7LUU4UB/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

The "tap" interface, whether it's actually a tuntap device or a qemu
socket, presents a virtual external link between different network hosts.
Hence, loopback addresses make no sense there.  However, nothing prevents
the guest from putting bogus packets with loopback addresses onto the
interface and it's not entirely clear what effect that will have on passt.

Explicitly test for such packets and drop them.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 tap.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tap.c b/tap.c
index 396dee7e..9c839abe 100644
--- a/tap.c
+++ b/tap.c
@@ -633,6 +633,16 @@ resume:
 
 		l4_len = htons(iph->tot_len) - hlen;
 
+		if (IN4_IS_ADDR_LOOPBACK(&iph->saddr) ||
+		    IN4_IS_ADDR_LOOPBACK(&iph->daddr)) {
+			char sstr[INET_ADDRSTRLEN], dstr[INET_ADDRSTRLEN];
+
+			debug("Loopback address on tap interface: %s -> %s",
+			      inet_ntop(AF_INET, &iph->saddr, sstr, sizeof(sstr)),
+			      inet_ntop(AF_INET, &iph->daddr, dstr, sizeof(dstr)));
+			continue;
+		}
+
 		if (iph->saddr && c->ip4.addr_seen.s_addr != iph->saddr)
 			c->ip4.addr_seen.s_addr = iph->saddr;
 
@@ -789,6 +799,15 @@ resume:
 		if (!(l4h = ipv6_l4hdr(in, i, sizeof(*eh), &proto, &l4_len)))
 			continue;
 
+		if (IN6_IS_ADDR_LOOPBACK(saddr) || IN6_IS_ADDR_LOOPBACK(daddr)) {
+			char sstr[INET6_ADDRSTRLEN], dstr[INET6_ADDRSTRLEN];
+
+			debug("Loopback address on tap interface: %s -> %s",
+			      inet_ntop(AF_INET6, saddr, sstr, sizeof(sstr)),
+			      inet_ntop(AF_INET6, daddr, dstr, sizeof(dstr)));
+			continue;
+		}
+
 		if (IN6_IS_ADDR_LINKLOCAL(saddr)) {
 			c->ip6.addr_ll_seen = *saddr;
 
-- 
2.43.0