[PATCH] net: Do not respond to ICMP_ECHO_REQUEST if we do not have an IP address

Tom Rini trini at konsulko.com
Tue Jan 19 21:00:53 CET 2021


On Sat, Nov 14, 2020 at 10:12:47PM -0500, David Rivshin wrote:

> From: David Rivshin <DRivshin at allworx.com>
> 
> While doing DHCP the interface IP is set to 0.0.0.0. This causes the
> check in net.c on dst_ip to be effectively skipped, and all IP datagrams
> are accepted up the IP stack. In the case of an ICMP_ECHO_REQUEST for the
> matching MAC address (regardless of destination IP), the result is that
> an ICMP_ECHO_REPLY is sent. The source address of the ICMP_ECHO_REPLY is
> 0.0.0.0, which is an illegal source address.
> 
> This can happen in common practice with the following sequence:
> DHCP (U-Boot or OS) acquires IP address 10.0.0.1
> System reboots
> U-Boot starts DHCP and sends DHCP DISCOVER
> DHCP server decides to OFFER 10.0.0.1 again
>   (perhaps because of existing lease or manual configuration)
> DHCP server tries to PING 10.0.0.1 to see if anyone is squatting on it
> DHCP server still has our MAC address in its ARP table for 10.0.0.1
> U-Boot receives PING, and responds with an illegal source address
> This may further result in the DHCP server seeing the response as
>   confirmation that someone is squatting on 10.0.0.1, and picking a
>   new IP address from the pool to try again
> 
> Signed-off-by: David Rivshin <drivshin at allworx.com>

Applied to u-boot/master, thanks!

-- 
Tom
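
The behaviour described in the commit message above, modelled as an added example that is not part of the original thread and is not U-Boot's code. The function names, the `IP4` macro, the acceptance of limited broadcast and the 192.168.7.9 address are assumptions made for illustration; 10.0.0.1 is the address from the commit message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ICMP_ECHO_REQUEST 8
#define IP4(a, b, c, d) \
	(((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Destination filter (simplified model): only enforced once an address is
 * configured (our_ip != 0). Accepting limited broadcast is an assumption. */
bool dst_ip_accepted(uint32_t our_ip, uint32_t dst_ip)
{
	if (our_ip != 0 && dst_ip != our_ip && dst_ip != 0xFFFFFFFFu)
		return false;
	return true;
}

/* Before: every accepted echo request is answered, with source = our_ip. */
bool echo_reply_before(uint32_t our_ip, uint32_t dst_ip, uint8_t icmp_type)
{
	return dst_ip_accepted(our_ip, dst_ip) && icmp_type == ICMP_ECHO_REQUEST;
}

/* After: without an address there is no legal source for a reply, so
 * the request is ignored. */
bool echo_reply_after(uint32_t our_ip, uint32_t dst_ip, uint8_t icmp_type)
{
	if (our_ip == 0)
		return false;
	return echo_reply_before(our_ip, dst_ip, icmp_type);
}

int main(void)
{
	uint32_t offered = IP4(10, 0, 0, 1);  /* address from the commit message */
	uint32_t other = IP4(192, 168, 7, 9); /* constructed unrelated address */

	/* Mid-DHCP: the interface address is 0.0.0.0, so the filter is skipped. */
	printf("mid-DHCP, ping to offered: before=%d after=%d\n",
	       echo_reply_before(0, offered, ICMP_ECHO_REQUEST),
	       echo_reply_after(0, offered, ICMP_ECHO_REQUEST));
	printf("mid-DHCP, ping to other:   before=%d after=%d\n",
	       echo_reply_before(0, other, ICMP_ECHO_REQUEST),
	       echo_reply_after(0, other, ICMP_ECHO_REQUEST));
	/* Lease bound: normal ping behaviour is unchanged by the fix. */
	printf("bound,    ping to offered: before=%d after=%d\n",
	       echo_reply_before(offered, offered, ICMP_ECHO_REQUEST),
	       echo_reply_after(offered, offered, ICMP_ECHO_REQUEST));
	return 0;
}
```
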