Merge branch 'fix/lwip_drop_ipv6_if_no_ll' into 'master'

david-cermak · david-cermak · commit 82a29b7d2123 · 2024-09-20T23:33:49.000+08:00
fix(lwip): Add default IPv6 input filter to drop traffic if ipv6 not assigned

Closes IDF-10472

See merge request espressif/esp-idf!32165
diff --git a/components/lwip/Kconfig b/components/lwip/Kconfig
@@ -1355,11 +1355,15 @@ menu "LWIP"
         choice LWIP_HOOK_IP6_INPUT
             prompt "IPv6 packet input"
             depends on LWIP_IPV6
-            default LWIP_HOOK_IP6_INPUT_NONE
+            default LWIP_HOOK_IP6_INPUT_DEFAULT
             help
                 Enables custom IPv6 packet input.
-                Setting this to "default" provides weak implementation
-                stub that could be overwritten in application code.
+                Setting this to "default" provides weak IDF implementation,
+                which drops all incoming IPv6 traffic if the interface has no link local address.
+                (this default implementation is "weak" and could be still overwritten
+                in the application if some additional IPv6 input packet filtering is needed)
+                Setting this to "none" removes this default filter and conforms to the lwIP
+                implementation (which accepts multicasts even if the interface has no link local address)
                 Setting this to "custom" provides hook's declaration
                 only and expects the application to implement it.
 
diff --git a/components/lwip/port/hooks/lwip_default_hooks.c b/components/lwip/port/hooks/lwip_default_hooks.c
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -56,11 +56,25 @@ const ip_addr_t *__weak lwip_hook_ip6_select_source_address(struct netif *netif,
 #endif
 
 #ifdef CONFIG_LWIP_HOOK_IP6_INPUT_DEFAULT
+/**
+ * @brief The default IPv6 input hook checks if we already have an IPv6 address (netif->ip6_addr[0] is link local),
+ * so we drop all incoming IPv6 packets if the input netif has no LL address.
+ *
+ * LWIP accepts IPv6 multicast packets even if the ip6_addr[] for the given address wasn't set,
+ * this may cause trouble if we enable IPv6 SLAAC (LWIP_IPV6_AUTOCONFIG), but have not created any LL address.
+ * If the router sends a packet to all nodes 0xff01::1 with RDNSS servers, it would be accepted and rewrite
+ * DNS server info with IPv6 values (which won't be routable without any IPv6 address assigned)
+ */
 int __weak lwip_hook_ip6_input(struct pbuf *p, struct netif *inp)
 {
-    LWIP_UNUSED_ARG(p);
-    LWIP_UNUSED_ARG(inp);
-
+    /* Check if the first IPv6 address (link-local) is unassigned (all zeros).
+     * If the address is empty, it indicates that no link-local address has been configured,
+     * and the interface should not accept incoming IPv6 traffic. */
+    if (ip6_addr_isany(ip_2_ip6(&inp->ip6_addr[0]))) {
+        /* We don't have an LL address -> eat this packet here, so it won't get accepted on the input netif */
+        pbuf_free(p);
+        return 1;
+    }
     return 0;
 }
 #endif
