Validate multicast addresses, pre-filter by allowed network stacks

tstenner · tstenner · commit dd906dc233ee · 2021-06-25T11:28:27.000+02:00
diff --git a/src/api_config.cpp b/src/api_config.cpp
@@ -148,32 +148,29 @@ void api_config::load_from_file(const std::string &filename) {
 		else
 			throw std::runtime_error("This ResolveScope setting is unsupported.");
 
-		multicast_addresses_.insert(
-			multicast_addresses_.end(), machine_group.begin(), machine_group.end());
+		std::vector<std::string> mcasttmp;
+
+		mcasttmp.insert(mcasttmp.end(), machine_group.begin(), machine_group.end());
 		multicast_ttl_ = 0;
 
 		if (scope >= link) {
-			multicast_addresses_.insert(
-				multicast_addresses_.end(), link_group.begin(), link_group.end());
-			multicast_addresses_.push_back("FF02:" + ipv6_multicast_group);
+			mcasttmp.insert(mcasttmp.end(), link_group.begin(), link_group.end());
+			mcasttmp.push_back("FF02:" + ipv6_multicast_group);
 			multicast_ttl_ = 1;
 		}
 		if (scope >= site) {
-			multicast_addresses_.insert(
-				multicast_addresses_.end(), site_group.begin(), site_group.end());
-			multicast_addresses_.push_back("FF05:" + ipv6_multicast_group);
+			mcasttmp.insert(mcasttmp.end(), site_group.begin(), site_group.end());
+			mcasttmp.push_back("FF05:" + ipv6_multicast_group);
 			multicast_ttl_ = 24;
 		}
 		if (scope >= organization) {
-			multicast_addresses_.insert(
-				multicast_addresses_.end(), organization_group.begin(), organization_group.end());
-			multicast_addresses_.push_back("FF08:" + ipv6_multicast_group);
+			mcasttmp.insert(mcasttmp.end(), organization_group.begin(), organization_group.end());
+			mcasttmp.push_back("FF08:" + ipv6_multicast_group);
 			multicast_ttl_ = 32;
 		}
 		if (scope >= global) {
-			multicast_addresses_.insert(
-				multicast_addresses_.end(), global_group.begin(), global_group.end());
-			multicast_addresses_.push_back("FF0E:" + ipv6_multicast_group);
+			mcasttmp.insert(mcasttmp.end(), global_group.begin(), global_group.end());
+			mcasttmp.push_back("FF0E:" + ipv6_multicast_group);
 			multicast_ttl_ = 255;
 		}
 
@@ -182,7 +179,14 @@ void api_config::load_from_file(const std::string &filename) {
 		std::vector<std::string> address_override =
 			parse_set(pt.get("multicast.AddressesOverride", "{}"));
 		if (ttl_override >= 0) multicast_ttl_ = ttl_override;
-		if (!address_override.empty()) multicast_addresses_ = address_override;
+		if (!address_override.empty()) mcasttmp = address_override;
+
+		// Parse, validate and store multicast addresses
+		for (std::vector<std::string>::iterator it = mcasttmp.begin(); it != mcasttmp.end(); ++it) {
+			ip::address addr = ip::make_address(*it);
+			if ((addr.is_v4() && allow_ipv4_) || (addr.is_v6() && allow_ipv6_))
+				multicast_addresses_.push_back(addr);
+		}
 
 		// The network stack requires the source interfaces for multicast packets to be
 		// specified as IPv4 address or an IPv6 interface index
diff --git a/src/api_config.h b/src/api_config.h
@@ -7,6 +7,8 @@
 #include <string>
 #include <vector>
 
+namespace ip = lslboost::asio::ip;
+
 namespace lsl {
 /**
  * A configuration object: holds all the configurable settings of liblsl.
@@ -83,7 +85,7 @@ class api_config {
 	const std::string &resolve_scope() const { return resolve_scope_; }
 
 	/**
-	 * @brief List of multicast addresses on which inlets / outlets advertise/discover streams.
+	 * List of multicast addresses on which inlets / outlets advertise/discover streams.
 	 *
 	 * This is merged from several other config file entries
 	 * (LocalAddresses,SiteAddresses,OrganizationAddresses, GlobalAddresses)
@@ -98,7 +100,7 @@ class api_config {
 	 * department) or organization (e.g., the campus), or at larger scope, multicast addresses
 	 * with the according scope need to be included.
 	 */
-	const std::vector<std::string> &multicast_addresses() const { return multicast_addresses_; }
+	const std::vector<ip::address> &multicast_addresses() const { return multicast_addresses_; }
 
 	/**
 	 * @brief The address of the local interface on which to listen to multicast traffic.
@@ -222,7 +224,7 @@ class api_config {
 	bool allow_random_ports_;
 	uint16_t multicast_port_;
 	std::string resolve_scope_;
-	std::vector<std::string> multicast_addresses_;
+	std::vector<ip::address> multicast_addresses_;
 	int multicast_ttl_;
 	std::string listen_address_;
 	std::vector<std::string> known_peers_;
diff --git a/src/resolver_impl.cpp b/src/resolver_impl.cpp
@@ -23,7 +23,7 @@ resolver_impl::resolver_impl()
 	uint16_t mcast_port = cfg_->multicast_port();
 	for (const auto &mcast_addr : cfg_->multicast_addresses()) {
 		try {
-			mcast_endpoints_.emplace_back(ip::make_address(mcast_addr), (uint16_t)mcast_port);
+			mcast_endpoints_.emplace_back(mcast_addr, mcast_port);
 		} catch (std::exception &) {}
 	}
 
diff --git a/src/stream_outlet_impl.cpp b/src/stream_outlet_impl.cpp
@@ -76,16 +76,15 @@ void stream_outlet_impl::instantiate_stack(tcp tcp_protocol, udp udp_protocol) {
 	ios_.push_back(std::make_shared<asio::io_context>());
 	udp_servers_.push_back(std::make_shared<udp_server>(info_, *ios_.back(), udp_protocol));
 	// create UDP multicast responders
-	for (const auto &mcastaddr : cfg->multicast_addresses()) {
+	for (const auto &address : cfg->multicast_addresses()) {
 		try {
 			// use only addresses for the protocol that we're supposed to use here
-			auto address = asio::ip::make_address(mcastaddr);
 			if (udp_protocol == udp::v4() ? address.is_v4() : address.is_v6())
 				responders_.push_back(std::make_shared<udp_server>(
-					info_, *ios_.back(), mcastaddr, multicast_port, multicast_ttl, listen_address));
+					info_, *ios_.back(), address, multicast_port, multicast_ttl, listen_address));
 		} catch (std::exception &e) {
-			LOG_F(WARNING, "Couldn't create multicast responder for %s (%s)", mcastaddr.c_str(),
-				e.what());
+			LOG_F(WARNING, "Couldn't create multicast responder for %s (%s)",
+				address.to_string().c_str(), e.what());
 		}
 	}
 }
diff --git a/src/udp_server.cpp b/src/udp_server.cpp
@@ -1,4 +1,5 @@
 #include "udp_server.h"
+#include "api_config.h"
 #include "socket_utils.h"
 #include "stream_info_impl.h"
 #include <boost/asio/ip/address.hpp>
@@ -29,11 +30,10 @@ udp_server::udp_server(const stream_info_impl_p &info, asio::io_context &io, udp
 		(void *)this);
 }
 
-udp_server::udp_server(const stream_info_impl_p &info, asio::io_context &io,
-	const std::string &address, uint16_t port, int ttl, const std::string &listen_address)
+udp_server::udp_server(const stream_info_impl_p &info, asio::io_context &io, ip::address addr,
+	uint16_t port, int ttl, const std::string &listen_address)
 	: info_(info), io_(io), socket_(std::make_shared<udp::socket>(io)),
 	  time_services_enabled_(false) {
-	ip::address addr = ip::make_address(address);
 	bool is_broadcast = addr == ip::address_v4::broadcast();
 
 	// set up the endpoint where we listen (note: this is not yet the multicast address)
@@ -60,16 +60,28 @@ udp_server::udp_server(const stream_info_impl_p &info, asio::io_context &io,
 	// bind to the listen endpoint
 	socket_->bind(listen_endpoint);
 
-	// join the multicast group, if any
+	// join the multicast groups
 	if (addr.is_multicast() && !is_broadcast) {
-		if (addr.is_v4())
-			socket_->set_option(
-				ip::multicast::join_group(addr.to_v4(), listen_endpoint.address().to_v4()));
-		else
-			socket_->set_option(ip::multicast::join_group(addr));
+		bool joined_anywhere = false;
+		lslboost::system::error_code err;
+		for (auto &if_ : api_config::get_instance()->multicast_interfaces) {
+			DLOG_F(INFO, "Joining %s to %s", if_.addr.to_string().c_str(), addr.to_string().c_str());
+			if (addr.is_v4() && if_.addr.is_v4())
+				socket_->set_option(
+					ip::multicast::join_group(addr.to_v4(), if_.addr.to_v4()), err);
+			else if (addr.is_v6() && if_.addr.is_v6())
+				socket_->set_option(
+					ip::multicast::join_group(addr.to_v6(), if_.addr.to_v6().scope_id()), err);
+			if (err)
+				LOG_F(WARNING, "Could not bind multicast responder for %s to interface %s (%s)",
+					addr.to_string().c_str(), if_.addr.to_string().c_str(), err.message().c_str());
+			else
+				joined_anywhere = true;
+		}
+		if (!joined_anywhere) throw std::runtime_error("Could not join any multicast group");
 	}
 	LOG_F(2, "%s: Started multicast udp server at %s port %d (addr %p)",
-		this->info_->name().c_str(), address.c_str(), port, (void *)this);
+		this->info_->name().c_str(), addr.to_string().c_str(), port, (void *)this);
 }
 
 // === externally issued asynchronous commands ===
diff --git a/src/udp_server.h b/src/udp_server.h
@@ -46,7 +46,7 @@ class udp_server : public std::enable_shared_from_this<udp_server> {
 	 * This server will listen on a multicast address and responds only to LSL:shortinfo requests.
 	 * This is for multicast/broadcast (and optionally unicast) local service discovery.
 	 */
-	udp_server(const stream_info_impl_p &info, asio::io_context &io, const std::string &address,
+	udp_server(const stream_info_impl_p &info, asio::io_context &io, asio::ip::address addr,
 		uint16_t port, int ttl, const std::string &listen_address);
 
 
diff --git a/testing/lslcfgs/default.cfg b/testing/lslcfgs/default.cfg
@@ -1,2 +1,4 @@
+[ports]
+IPv6=allow
 [lab]
 KnownPeers=127.0.0.1

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ resolver_impl::resolver_impl()`
`23`	`23`	`uint16_t mcast_port = cfg_->multicast_port();`
`24`	`24`	`for (const auto &mcast_addr : cfg_->multicast_addresses()) {`
`25`	`25`	`try {`
`26`		`- mcast_endpoints_.emplace_back(ip::make_address(mcast_addr), (uint16_t)mcast_port);`
	`26`	`+ mcast_endpoints_.emplace_back(mcast_addr, mcast_port);`
`27`	`27`	`} catch (std::exception &) {}`
`28`	`28`	`}`
`29`	`29`
-Original file line number
+Diff line change
@@ @@ -1,2 +1,4 @@ @@
 +[ports]
 +IPv6=allow
 [lab]
 KnownPeers=127.0.0.1