ggsn: encaps_tun: Avoid forwarding packet if EUA is unassigned, fix crash
Check (before forwarding received GTP packets into the tun) if the pdp ctx
associated with the packet requested was assigned an EUA of the given IP version.
This way we avoid for instance forwarding an IPv6 packet (or sending
back a response to a Router Solicitation packet) in case the APN was
configured without IPv6 support or if the MS/SGSN didn't ask for an IPv6
while requesting an EUA.
As a side effect, this commit fixes an OSMO_ASSERT hit introduced in handle_router_mcast
in 2d6a69e69a4b4cb2b8cc63c4810dae44e5a4d8f6 due to a deffective MS
sending an icmpv6 Router Solicitation over IPv6 after having been
requesting and assigned an IPv4 EUA (so no IPv6 packets expected).
Before that commit, there was no crash but the message was being wrongly
answered and used an uninitialized .v6 addr field from the peer struct.
Fixes: OS#2843
Change-Id: Ib6d18a64c2b71f3bcf6cb7e3a978d2d3f9c7a79b
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 3e095f0..7954d5e 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -425,6 +425,30 @@
return false;
}
+/*! Get the peer of pdp based on IP version used.
+ * \param[in] pdp PDP context to select the peer from.
+ * \param[in] v4v6 IP version to select. Valid values are 4 and 6.
+ * \returns The selected peer matching the given IP version. NULL if not present.
+ */
+static struct ippoolm_t *pdp_get_peer_ipv(struct pdp_t *pdp, bool is_ipv6) {
+ uint8_t len1, len2, i;
+
+ if (is_ipv6) {
+ len1 = 8;
+ len2 = 16;
+ } else {
+ len1 = sizeof(struct in_addr);
+ len2 = len1;
+ }
+
+ for (i = 0; i < 2; i++) {
+ struct ippoolm_t * ippool = pdp->peer[i];
+ if (ippool && (ippool->addr.len == len1 || ippool->addr.len == len2))
+ return ippool;
+ }
+ return NULL;
+}
+
/* determine if PDP context has IPv6 support */
static bool pdp_has_v4(struct pdp_t *pdp)
{
@@ -712,6 +736,7 @@
struct ip6_hdr *ip6h = (struct ip6_hdr *)pack;
struct tun_t *tun = (struct tun_t *)pdp->ipif;
struct apn_ctx *apn = tun->priv;
+ struct ippoolm_t *peer;
OSMO_ASSERT(tun);
OSMO_ASSERT(apn);
@@ -720,11 +745,25 @@
switch (iph->version) {
case 6:
+ peer = pdp_get_peer_ipv(pdp, true);
+ if (!peer) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS IPv6 with unassigned EUA: %s\n",
+ osmo_hexdump(pack, len));
+ return -1;
+ }
+
/* daddr: all-routers multicast addr */
if (IN6_ARE_ADDR_EQUAL(&ip6h->ip6_dst, &all_router_mcast_addr))
- return handle_router_mcast(pdp->gsn, pdp, &apn->v6_lladdr, pack, len);
+ return handle_router_mcast(pdp->gsn, pdp, &peer->addr.v6,
+ &apn->v6_lladdr, pack, len);
break;
case 4:
+ peer = pdp_get_peer_ipv(pdp, false);
+ if (!peer) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS IPv4 with unassigned EUA: %s\n",
+ osmo_hexdump(pack, len));
+ return -1;
+ }
break;
default:
LOGPPDP(LOGL_ERROR, pdp, "Packet from MS is neither IPv4 nor IPv6: %s\n",