[nrf fromlist] net: ipv6: routing: move checking for an own source address

kderda · rlubos · commit 8587f90382ba · 2024-07-24T14:42:40.000+02:00
When IPv6 packet is received, there is a check of the packet's source address to verify that it is not interface's non-tentative address. This commit moves this check to the later stages of processing as packets that can be routed are dropped in the early stage otherwise. Upstream PR: zephyrproject-rtos/zephyr#76150 Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
diff --git a/subsys/net/ip/ipv6.c b/subsys/net/ip/ipv6.c
@@ -449,6 +449,18 @@ static uint8_t extension_to_bitmap(uint8_t header, uint8_t ext_bitmap)
 	}
 }
 
+static inline bool is_src_non_tentative_itself(struct in6_addr *src)
+{
+	struct net_if_addr *ifaddr;
+
+	ifaddr = net_if_ipv6_addr_lookup(src, NULL);
+	if (ifaddr != NULL && ifaddr->addr_state != NET_ADDR_TENTATIVE) {
+		return true;
+	}
+
+	return false;
+}
+
 enum net_verdict net_ipv6_input(struct net_pkt *pkt, bool is_loopback)
 {
 	NET_PKT_DATA_ACCESS_CONTIGUOUS_DEFINE(ipv6_access, struct net_ipv6_hdr);
@@ -505,8 +517,6 @@ enum net_verdict net_ipv6_input(struct net_pkt *pkt, bool is_loopback)
 	}
 
 	if (!is_loopback) {
-		struct net_if_addr *ifaddr;
-
 		if (net_ipv6_is_addr_loopback((struct in6_addr *)hdr->dst) ||
 		    net_ipv6_is_addr_loopback((struct in6_addr *)hdr->src)) {
 			NET_DBG("DROP: ::1 packet");
@@ -526,9 +536,10 @@ enum net_verdict net_ipv6_input(struct net_pkt *pkt, bool is_loopback)
 		/* We need to pass the packet through in case our address is
 		 * tentative, as receiving a packet with a tentative address as
 		 * source means that duplicate address has been detected.
+		 * This check is done later on if routing features are enabled.
 		 */
-		ifaddr = net_if_ipv6_addr_lookup((struct in6_addr *)hdr->src, NULL);
-		if (ifaddr != NULL && ifaddr->addr_state != NET_ADDR_TENTATIVE) {
+		if (!IS_ENABLED(CONFIG_NET_ROUTING) && !IS_ENABLED(CONFIG_NET_ROUTE_MCAST) &&
+		    is_src_non_tentative_itself((struct in6_addr *)hdr->src)) {
 			NET_DBG("DROP: src addr is %s", "mine");
 			goto drop;
 		}
@@ -593,6 +604,12 @@ enum net_verdict net_ipv6_input(struct net_pkt *pkt, bool is_loopback)
 		}
 	}
 
+	if ((IS_ENABLED(CONFIG_NET_ROUTING) || IS_ENABLED(CONFIG_NET_ROUTE_MCAST)) &&
+	    !is_loopback && is_src_non_tentative_itself((struct in6_addr *)hdr->src)) {
+		NET_DBG("DROP: src addr is %s", "mine");
+		goto drop;
+	}
+
 	if (net_ipv6_is_addr_mcast((struct in6_addr *)hdr->dst) &&
 	    !(net_ipv6_is_addr_mcast_iface((struct in6_addr *)hdr->dst) ||
 	      net_ipv6_is_addr_mcast_link_all_nodes((struct in6_addr *)hdr->dst))) {
