[PATCH] net: Do not respond to ICMP_ECHO_REQUEST if we do not have an IP address

Tom Rini trini at konsulko.com
Tue Jan 19 21:00:53 CET 2021

On Sat, Nov 14, 2020 at 10:12:47PM -0500, David Rivshin wrote:

> From: David Rivshin <DRivshin at allworx.com>
> While doing DHCP the interface IP is set to This causes the
> check in net.c on dst_ip to be effectively skipped, and all IP datagrams
> are accepted up the IP stack. In the case of an ICMP_ECHO_REQUEST for the
> matching MAC address (regardless of destination IP), the result is that
> an ICMP_ECHO_REPLY is sent. The source address of the ICMP_ECHO_REPLY is
>, which is an illegal source address.
> This can happen in common practice with the following sequence:
> DHCP (U-Boot or OS) acquires IP address
> System reboots
> U-Boot starts DHCP and send DHCP DISCOVER
> DHCP server decides to OFFER again
>   (perhaps because of existing lease or manual configuration)
> DHCP server tries to PING to see if anyone is squatting on it
> DHCP server still has our MAC address in its ARP table for
> U-Boot receives PING, and responds with an illegal source address
> This may further result in a the DHCP server seeing the response as
>   confirmation that someone is squatting on, and picking a
>   new IP address from the pool to try again
> Signed-off-by: David Rivshin <drivshin at allworx.com>

Applied to u-boot/master, thanks!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210119/d10283d6/attachment.sig>

More information about the U-Boot mailing list