Harald Welte has submitted this change and it was merged.
Change subject: ggsn: Validate packet src addr from MS
......................................................................
ggsn: Validate packet src addr from MS
Closes: OS#2422
Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442
---
M ggsn/ggsn.c
M gtp/gtp.c
2 files changed, 19 insertions(+), 1 deletion(-)
Approvals:
Max: Looks good to me, but someone else must approve
Harald Welte: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/ggsn/ggsn.c b/ggsn/ggsn.c
index 7954d5e..6645d4c 100644
--- a/ggsn/ggsn.c
+++ b/ggsn/ggsn.c
@@ -736,7 +736,9 @@
struct ip6_hdr *ip6h = (struct ip6_hdr *)pack;
struct tun_t *tun = (struct tun_t *)pdp->ipif;
struct apn_ctx *apn = tun->priv;
+ char straddr[INET6_ADDRSTRLEN];
struct ippoolm_t *peer;
+ uint8_t pref_offset;
OSMO_ASSERT(tun);
OSMO_ASSERT(apn);
@@ -752,6 +754,16 @@
return -1;
}
+ /* Validate packet comes from IPaddr assigned to the pdp ctx.
+ If packet is a LL addr, then EUA is in the lower 64 bits,
+ otherwise it's used as the 64 prefix */
+ pref_offset = IN6_IS_ADDR_LINKLOCAL(&ip6h->ip6_src) ? 8 : 0;
+ if (memcmp(((uint8_t*)&ip6h->ip6_src) + pref_offset,
&peer->addr.v6, 8)) {
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using
unassigned src IPv6: %s\n",
+ inet_ntop(AF_INET6, &ip6h->ip6_src, straddr,
sizeof(straddr)));
+ return -1;
+ }
+
/* daddr: all-routers multicast addr */
if (IN6_ARE_ADDR_EQUAL(&ip6h->ip6_dst, &all_router_mcast_addr))
return handle_router_mcast(pdp->gsn, pdp,
&peer->addr.v6,
@@ -764,6 +776,13 @@
osmo_hexdump(pack, len));
return -1;
}
+
+ /* Validate packet comes from IPaddr assigned to the pdp ctx */
+ if (memcmp(&iph->saddr, &peer->addr.v4, sizeof(peer->addr.v4)))
{
+ LOGPPDP(LOGL_ERROR, pdp, "Packet from MS using
unassigned src IPv4: %s\n",
+ inet_ntop(AF_INET, &iph->saddr, straddr,
sizeof(straddr)));
+ return -1;
+ }
break;
default:
LOGPPDP(LOGL_ERROR, pdp, "Packet from MS is neither IPv4 nor
IPv6: %s\n",
diff --git a/gtp/gtp.c b/gtp/gtp.c
index 2abc32e..42e84a7 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -2698,7 +2698,6 @@
int hlen;
- /* Need to include code to verify packet src and dest addresses */
struct pdp_t *pdp;
switch (version) {
--
To view, visit https://gerrit.osmocom.org/6099
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie658a7f161103bb6f631ab0508e45e55fb42a442
Gerrit-PatchSet: 3
Gerrit-Project: osmo-ggsn
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <[email protected]>
