netstack: Don't treat ipv4 link-local addresses specially

In Linux, RFC 3927 logic is implemented in user-space. If we try to implement
that within the netstack, it can introduce undesired compatibility issues. For
example, GCE uses link-local addresses for some services like DNS.

PiperOrigin-RevId: 770045074

Author: avagin

pkg/tcpip/network/ipv4/ipv4.go

@@ -934,22 +934,6 @@ func validateAddressesForForwarding(h header.IPv4) ip.ForwardingError {
 		return &ip.ErrInitializingSourceAddress{}
 	}
 
-	// As per RFC 3927 section 7,
-	//
-	//   A router MUST NOT forward a packet with an IPv4 Link-Local source or
-	//   destination address, irrespective of the router's default route
-	//   configuration or routes obtained from dynamic routing protocols.
-	//
-	//   A router which receives a packet with an IPv4 Link-Local source or
-	//   destination address MUST NOT forward the packet.  This prevents
-	//   forwarding of packets back onto the network segment from which they
-	//   originated, or to any other segment.
-	if header.IsV4LinkLocalUnicastAddress(srcAddr) {
-		return &ip.ErrLinkLocalSourceAddress{}
-	}
-	if dstAddr := h.DestinationAddress(); header.IsV4LinkLocalUnicastAddress(dstAddr) || header.IsV4LinkLocalMulticastAddress(dstAddr) {
-		return &ip.ErrLinkLocalDestinationAddress{}
-	}
 	return nil
 }
 
@@ -1616,11 +1600,11 @@ func (p *protocol) Close() {
 func (*protocol) Wait() {}
 
 func (p *protocol) validateUnicastSourceAndMulticastDestination(addresses stack.UnicastSourceAndMulticastDestination) tcpip.Error {
-	if !p.isUnicastAddress(addresses.Source) || header.IsV4LinkLocalUnicastAddress(addresses.Source) {
+	if !p.isUnicastAddress(addresses.Source) {
 		return &tcpip.ErrBadAddress{}
 	}
 
-	if !header.IsV4MulticastAddress(addresses.Destination) || header.IsV4LinkLocalMulticastAddress(addresses.Destination) {
+	if !header.IsV4MulticastAddress(addresses.Destination) {
 		return &tcpip.ErrBadAddress{}
 	}
 

pkg/tcpip/network/ipv4/ipv4_test.go

@@ -345,7 +345,6 @@ func TestForwarding(t *testing.T) {
 	const randomTimeOffset = 0x10203040
 
 	unreachableIPv4Addr := testutil.MustParse4("12.0.0.2")
-	linkLocalIPv4Addr := testutil.MustParse4("169.254.0.0")
 
 	tests := []struct {
 		name                                 string
@@ -480,22 +479,6 @@ func TestForwarding(t *testing.T) {
 			expectedPacketUnrouteableErrors: 1,
 			expectPacketForwarded:           false,
 		},
-		{
-			name:                        "Link local destination",
-			TTL:                         2,
-			srcAddr:                     remoteIPv4Addr1,
-			dstAddr:                     linkLocalIPv4Addr,
-			expectedLinkLocalDestErrors: 1,
-			expectPacketForwarded:       false,
-		},
-		{
-			name:                          "Link local source",
-			TTL:                           2,
-			srcAddr:                       linkLocalIPv4Addr,
-			dstAddr:                       remoteIPv4Addr2,
-			expectedLinkLocalSourceErrors: 1,
-			expectPacketForwarded:         false,
-		},
 		{
 			name:                             "unspecified source",
 			TTL:                              2,

pkg/tcpip/tests/integration/forward_test.go

@@ -387,15 +387,21 @@ func TestUnicastForwarding(t *testing.T) {
 			srcAddr:       ipv4LinkLocalUnicastAddr,
 			dstAddr:       utils.RemoteIPv4Addr,
 			rx:            rxICMPv4EchoRequest,
-			expectForward: false,
+			expectForward: true,
+			checker: func(t *testing.T, v *buffer.View) {
+				forwardedICMPv4EchoRequestChecker(t, v, ipv4LinkLocalUnicastAddr, utils.RemoteIPv4Addr)
+			},
 		},
 		{
 			name:          "IPv4 link-local destination",
 			netProto:      ipv4.ProtocolNumber,
 			srcAddr:       utils.RemoteIPv4Addr,
 			dstAddr:       ipv4LinkLocalUnicastAddr,
 			rx:            rxICMPv4EchoRequest,
-			expectForward: false,
+			expectForward: true,
+			checker: func(t *testing.T, v *buffer.View) {
+				forwardedICMPv4EchoRequestChecker(t, v, utils.RemoteIPv4Addr, ipv4LinkLocalUnicastAddr)
+			},
 		},
 		{
 			name:          "IPv4 non-link-local unicast",

pkg/tcpip/tests/integration/multicast_forward_test.go

@@ -329,15 +329,6 @@ func TestAddMulticastRoute(t *testing.T) {
 			multicastForwardingEventsBeforeAddRouteCalled: []multicastForwardingEvent{enabledForNIC, enabledForProtocol},
 			wantErr: &tcpip.ErrBadAddress{},
 		},
-		{
-			name:               "link-local unicast source",
-			srcAddr:            linkLocalUnicastAddr,
-			dstAddr:            multicastAddr,
-			routeIncomingNICID: incomingNICID,
-			routeOutgoingNICID: outgoingNICID,
-			multicastForwardingEventsBeforeAddRouteCalled: []multicastForwardingEvent{enabledForNIC, enabledForProtocol},
-			wantErr: &tcpip.ErrBadAddress{},
-		},
 		{
 			name:               "empty source",
 			srcAddr:            emptyAddr,
@@ -365,15 +356,6 @@ func TestAddMulticastRoute(t *testing.T) {
 			multicastForwardingEventsBeforeAddRouteCalled: []multicastForwardingEvent{enabledForNIC, enabledForProtocol},
 			wantErr: &tcpip.ErrBadAddress{},
 		},
-		{
-			name:               "link-local multicast destination",
-			srcAddr:            remoteUnicastAddr,
-			dstAddr:            linkLocalMulticastAddr,
-			routeIncomingNICID: incomingNICID,
-			routeOutgoingNICID: outgoingNICID,
-			multicastForwardingEventsBeforeAddRouteCalled: []multicastForwardingEvent{enabledForNIC, enabledForProtocol},
-			wantErr: &tcpip.ErrBadAddress{},
-		},
 		{
 			name:               "unknown input NICID",
 			srcAddr:            remoteUnicastAddr,
@@ -600,12 +582,6 @@ func TestMulticastRouteLastUsedTime(t *testing.T) {
 			dstAddr: multicastAddr,
 			wantErr: &tcpip.ErrBadAddress{},
 		},
-		{
-			name:    "link-local unicast source",
-			srcAddr: linkLocalUnicastAddr,
-			dstAddr: multicastAddr,
-			wantErr: &tcpip.ErrBadAddress{},
-		},
 		{
 			name:    "empty source",
 			srcAddr: emptyAddr,
@@ -624,12 +600,6 @@ func TestMulticastRouteLastUsedTime(t *testing.T) {
 			dstAddr: emptyAddr,
 			wantErr: &tcpip.ErrBadAddress{},
 		},
-		{
-			name:    "link-local multicast destination",
-			srcAddr: remoteUnicastAddr,
-			dstAddr: linkLocalMulticastAddr,
-			wantErr: &tcpip.ErrBadAddress{},
-		},
 	}
 
 	for _, test := range tests {
@@ -758,12 +728,6 @@ func TestRemoveMulticastRoute(t *testing.T) {
 			dstAddr: multicastAddr,
 			wantErr: &tcpip.ErrBadAddress{},
 		},
-		{
-			name:    "link-local unicast source",
-			srcAddr: linkLocalUnicastAddr,
-			dstAddr: multicastAddr,
-			wantErr: &tcpip.ErrBadAddress{},
-		},
 		{
 			name:    "empty source",
 			srcAddr: emptyAddr,
@@ -782,12 +746,6 @@ func TestRemoveMulticastRoute(t *testing.T) {
 			dstAddr: emptyAddr,
 			wantErr: &tcpip.ErrBadAddress{},
 		},
-		{
-			name:    "link-local multicast destination",
-			srcAddr: remoteUnicastAddr,
-			dstAddr: linkLocalMulticastAddr,
-			wantErr: &tcpip.ErrBadAddress{},
-		},
 	}
 
 	for _, test := range tests {
@@ -927,22 +885,6 @@ func TestMulticastForwarding(t *testing.T) {
 			routeInputInterface:          incomingNICID,
 			expectedForwardingInterfaces: []tcpip.NICID{outgoingNICID, otherOutgoingNICID},
 		},
-		{
-			name:                         "forward and local",
-			dstAddr:                      multicastAddr,
-			ttl:                          packetTTL,
-			routeInputInterface:          incomingNICID,
-			joinMulticastGroup:           true,
-			expectedForwardingInterfaces: []tcpip.NICID{outgoingNICID, otherOutgoingNICID},
-		},
-		{
-			name:                         "local only",
-			dstAddr:                      linkLocalMulticastAddr,
-			ttl:                          packetTTL,
-			routeInputInterface:          incomingNICID,
-			joinMulticastGroup:           true,
-			expectedForwardingInterfaces: []tcpip.NICID{},
-		},
 		{
 			name:                             "multicast forwarding disabled for NIC",
 			disableMulticastForwardingForNIC: true,