Page MenuHomeFreeBSD

Invalid addresses in sending or connecting
ClosedPublic

Authored by rrs on May 15 2020, 12:41 PM.
Tags
None
Referenced Files
F103540470: D24852.id71988.diff
Tue, Nov 26, 6:58 AM
Unknown Object (File)
Tue, Nov 5, 12:13 PM
Unknown Object (File)
Mon, Oct 28, 12:02 PM
Unknown Object (File)
Mon, Oct 28, 7:06 AM
Unknown Object (File)
Oct 20 2024, 3:53 PM
Unknown Object (File)
Oct 20 2024, 3:53 PM
Unknown Object (File)
Oct 20 2024, 3:53 PM
Unknown Object (File)
Sep 30 2024, 11:04 AM

Details

Summary

Address 0.0.0.0 and 255.255.255.255 really should not be allowed to be sent
to in TCP but somehow this is overlooked. This patch fixes that.

Test Plan

Make sure we can no longer try to connect to or send to 0.0.0.0 or 255.255.255.255 with pkt-drill or any other favorite tooling

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

rrs requested review of this revision.May 15 2020, 12:41 PM
rrs created this revision.
rscheff added inline comments.
tcp_usrreq.c
547

Do you want to use INADDR_ANY and INADDR_BROADCAST here instead of the hardcoded numericals?

(Why is the reviews context missing when you generate a Diff, rrs@?)

In the inet6 case below, should IN6_IS_ADDR_UNSPECIFIED (::) also be excluded?

This revision was not accepted when it landed; it landed in state Needs Review.May 15 2020, 2:00 PM
This revision was automatically updated to reflect the committed changes.
tcp_usrreq.c
547

I guess using the constants if preferred.

Regarding the IPv6 question. The wirdcard address gets automagically transformed to the loopback address. See in6_pcb.c:378.

I guess the missing context is due to the usage of simply svn diff without requesting the context.

A commit (rS361080) referenced this Diff due to a mistype, binding the wrong commit here., when D24826 should have been targeted. Reopening, so this actual issue doesn't drop to the floor.

rscheff requested changes to this revision.May 15 2020, 7:46 PM

@rrs can you please re-upload the Diff, with the defined constants from in.h instead of hardcoded numbers.

I don't know how to bind the older (actual) Diff back here, when the commit bound this to a different Diff...

This revision now requires changes to proceed.May 15 2020, 7:46 PM

0.0.0.0 and :: are unicast addresses, and it's a bit unclear to me why transport protocol would want to decide that some underlying addresses are invalid. They also work in some other operating systems.
255.255.255.255 is indeed broadcast and not intended to use with TCP, but the same argument can be made around multicast address range. Do we want to include it as well?

Could you please add a reference to any standard explaining why these should be prohibited?

TCP is strictly unicast connection oriented. There are other protocols to implement reliable transport over multicast (eg RFC3208). TCP simply does not work with a multicast address as either source or destination, since there are no mechanisms to arbitrate between one-to-many and then many-to-one responses.

Multicast is already restricted in the code (see https://reviews.freebsd.org/source/src/browse/head/sys/netinet/tcp_usrreq.c$323) for both IPv4 and IPv6.

Incoming packets should never contain the placeholder value INADDR_ANY (0.0.0.0 or :: ) but always be resolved to an actual (unicast) address.

For some reason, https://reviews.freebsd.org/D24852?id=71820 does not show any context though.

Hmm I somehow got the wrong patch here.

tcp_usrreq.c
547

Yeah I should use those.

Note that we don't want to commit these for a while since skyzaller uses these addresses but it
is something we should do.

This revision is now accepted and ready to land.May 19 2020, 2:46 PM

Sorry to have overlooked this inconsistency earlier.