From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
Cc: David Gibson
Subject: [PATCH v3 18/20] tap: Disallow loopback addresses on tap interface
Date: Wed, 28 Feb 2024 22:25:18 +1100
Message-ID: <20240228112520.2078220-19-david@gibson.dropbear.id.au>
In-Reply-To: <20240228112520.2078220-1-david@gibson.dropbear.id.au>
References: <20240228112520.2078220-1-david@gibson.dropbear.id.au>

The "tap" interface, whether it's actually a tuntap device or a qemu
socket, presents a virtual external link between different network
hosts. Hence, loopback addresses make no sense there. However, nothing
prevents the guest from putting bogus packets with loopback addresses
onto the interface and it's not entirely clear what effect that will
have on passt. Explicitly test for such packets and drop them.

Signed-off-by: David Gibson
---
 tap.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/tap.c b/tap.c
index 8a9a68b7..3a666212 100644
--- a/tap.c
+++ b/tap.c
@@ -610,6 +610,16 @@ resume: l4_len = htons(iph->tot_len) - hlen; + if (IN4_IS_ADDR_LOOPBACK(&iph->saddr) || + IN4_IS_ADDR_LOOPBACK(&iph->daddr)) { + char sstr[INET_ADDRSTRLEN], dstr[INET_ADDRSTRLEN]; + + debug("Loopback address on tap interface: %s -> %s", + inet_ntop(AF_INET, &iph->saddr, sstr, sizeof(sstr)), + inet_ntop(AF_INET, &iph->daddr, dstr, sizeof(dstr))); + continue; + } + if (iph->saddr && c->ip4.addr_seen.s_addr != iph->saddr) c->ip4.addr_seen.s_addr = iph->saddr; @@ -766,6 +776,15 @@ resume: if (!(l4h = ipv6_l4hdr(in, i, sizeof(*eh), &proto, &l4_len))) continue; + if (IN6_IS_ADDR_LOOPBACK(saddr) || IN6_IS_ADDR_LOOPBACK(daddr)) { + char sstr[INET6_ADDRSTRLEN], dstr[INET6_ADDRSTRLEN]; + + debug("Loopback address on tap interface: %s -> %s", + inet_ntop(AF_INET6, saddr, sstr, sizeof(sstr)), + inet_ntop(AF_INET6, daddr, dstr, sizeof(dstr))); + continue; + } + if (IN6_IS_ADDR_LINKLOCAL(saddr)) { c->ip6.addr_ll_seen = *saddr; -- 2.43.2
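Review bot: in the first (IPv4) hunk the drop depends on what IN4_IS_ADDR_LOOPBACK() actually matches, and its definition is not part of this patch; the commit message speaks of loopback addresses in general, so please confirm the macro covers the whole 127.0.0.0/8 block rather than only 127.0.0.1, otherwise other 127.x.y.z sources still reach the `c->ip4.addr_seen` update that follows. Putting the test ahead of `if (iph->saddr && c->ip4.addr_seen.s_addr != iph->saddr)` is the right ordering, since it keeps a loopback source from being recorded as the guest's address. Minor, and not introduced here: the context line `l4_len = htons(iph->tot_len) - hlen;` converts from network order and should read ntohs(); worth a separate cleanup.

Review bot: in the second (IPv6) hunk the check runs after ipv6_l4hdr() has already walked the extension-header chain, although the decision needs only saddr and daddr from the fixed header; if those pointers are already set at that point (their assignment is not visible in the hunk), hoisting the loopback test above `if (!(l4h = ipv6_l4hdr(in, i, sizeof(*eh), &proto, &l4_len)))` rejects the bogus packet before any further parsing. Also, the debug() string is identical to the one in the IPv4 hunk, so the two cases cannot be told apart in a log; mentioning the address family in each message would help when troubleshooting.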