ipv6: check hbh before checking IPv6 addr.

With IPv6, the hop-by-hop option should be checked allong every node on
the route. Only then the IPv6 destination address is checked.

ip(hbh): return Param Problem for some options

For some options, a ICMP parameter problem needs to be transmitted back
to the source.

Author: thvdveld

src/iface/interface/ipv6.rs

@@ -11,6 +11,24 @@ use crate::socket::AnySocket;
 use crate::phy::PacketMeta;
 use crate::wire::*;
 
+/// Enum used for the process_hopbyhop function. In some cases, when discarding a packet, an ICMMP
+/// parameter problem message needs to be transmitted to the source of the address. In other cases,
+/// the processing of the IP packet can continue.
+#[allow(clippy::large_enum_variant)]
+enum HopByHopResponse<'frame> {
+    /// Continue processing the IPv6 packet.
+    Continue((IpProtocol, &'frame [u8])),
+    /// Discard the packet and maybe send back an ICMPv6 packet.
+    Discard(Option<IpPacket<'frame>>),
+}
+
+// We implement `Default` such that we can use the check! macro.
+impl Default for HopByHopResponse<'_> {
+    fn default() -> Self {
+        Self::Discard(None)
+    }
+}
+
 impl InterfaceInner {
     pub(super) fn process_ipv6<'frame>(
         &mut self,
@@ -26,7 +44,19 @@ impl InterfaceInner {
             return None;
         }
 
-        let ip_payload = ipv6_packet.payload();
+        let (next_header, ip_payload) = if ipv6_repr.next_header == IpProtocol::HopByHop {
+            match self.process_hopbyhop(ipv6_repr, ipv6_packet.payload()) {
+                HopByHopResponse::Discard(e) => return e,
+                HopByHopResponse::Continue(next) => next,
+            }
+        } else {
+            (ipv6_repr.next_header, ipv6_packet.payload())
+        };
+
+        if !self.has_ip_addr(ipv6_repr.dst_addr) && !self.has_multicast_group(ipv6_repr.dst_addr) {
+            net_trace!("packet IP address not for this interface");
+            return None;
+        }
 
         #[cfg(feature = "socket-raw")]
         let handled_by_raw_socket = self.raw_socket_filter(sockets, &ipv6_repr.into(), ip_payload);
@@ -37,15 +67,71 @@ impl InterfaceInner {
             sockets,
             meta,
             ipv6_repr,
-            ipv6_repr.next_header,
+            next_header,
             handled_by_raw_socket,
             ip_payload,
         )
     }
 
+    fn process_hopbyhop<'frame>(
+        &mut self,
+        ipv6_repr: Ipv6Repr,
+        ip_payload: &'frame [u8],
+    ) -> HopByHopResponse<'frame> {
+        let param_problem = || {
+            let payload_len =
+                icmp_reply_payload_len(ip_payload.len(), IPV6_MIN_MTU, ipv6_repr.buffer_len());
+            self.icmpv6_reply(
+                ipv6_repr,
+                Icmpv6Repr::ParamProblem {
+                    reason: Icmpv6ParamProblem::UnrecognizedOption,
+                    pointer: ipv6_repr.buffer_len() as u32,
+                    header: ipv6_repr,
+                    data: &ip_payload[0..payload_len],
+                },
+            )
+        };
+
+        let ext_hdr = check!(Ipv6ExtHeader::new_checked(ip_payload));
+        let ext_repr = check!(Ipv6ExtHeaderRepr::parse(&ext_hdr));
+        let hbh_hdr = check!(Ipv6HopByHopHeader::new_checked(ext_repr.data));
+        let hbh_repr = check!(Ipv6HopByHopRepr::parse(&hbh_hdr));
+
+        for opt_repr in &hbh_repr.options {
+            match opt_repr {
+                Ipv6OptionRepr::Pad1 | Ipv6OptionRepr::PadN(_) => (),
+                #[cfg(feature = "proto-rpl")]
+                Ipv6OptionRepr::Rpl(_) => {}
+
+                Ipv6OptionRepr::Unknown { type_, .. } => {
+                    match Ipv6OptionFailureType::from(*type_) {
+                        Ipv6OptionFailureType::Skip => (),
+                        Ipv6OptionFailureType::Discard => {
+                            return HopByHopResponse::Discard(None);
+                        }
+                        Ipv6OptionFailureType::DiscardSendAll => {
+                            return HopByHopResponse::Discard(param_problem());
+                        }
+                        Ipv6OptionFailureType::DiscardSendUnicast
+                            if !ipv6_repr.dst_addr.is_multicast() =>
+                        {
+                            return HopByHopResponse::Discard(param_problem());
+                        }
+                        _ => unreachable!(),
+                    }
+                }
+            }
+        }
+
+        HopByHopResponse::Continue((
+            ext_repr.next_header,
+            &ip_payload[ext_repr.header_len() + ext_repr.data.len()..],
+        ))
+    }
+
     /// Given the next header value forward the payload onto the correct process
     /// function.
-    pub(super) fn process_nxt_hdr<'frame>(
+    fn process_nxt_hdr<'frame>(
         &mut self,
         sockets: &mut SocketSet,
         meta: PacketMeta,
@@ -81,10 +167,6 @@ impl InterfaceInner {
             #[cfg(feature = "socket-tcp")]
             IpProtocol::Tcp => self.process_tcp(sockets, ipv6_repr.into(), ip_payload),
 
-            IpProtocol::HopByHop => {
-                self.process_hopbyhop(sockets, meta, ipv6_repr, handled_by_raw_socket, ip_payload)
-            }
-
             #[cfg(feature = "socket-raw")]
             _ if handled_by_raw_socket => None,
 
@@ -235,70 +317,27 @@ impl InterfaceInner {
         }
     }
 
-    pub(super) fn process_hopbyhop<'frame>(
-        &mut self,
-        sockets: &mut SocketSet,
-        meta: PacketMeta,
-        ipv6_repr: Ipv6Repr,
-        handled_by_raw_socket: bool,
-        ip_payload: &'frame [u8],
-    ) -> Option<IpPacket<'frame>> {
-        let ext_hdr = check!(Ipv6ExtHeader::new_checked(ip_payload));
-        let ext_repr = check!(Ipv6ExtHeaderRepr::parse(&ext_hdr));
-        let hbh_hdr = check!(Ipv6HopByHopHeader::new_checked(ext_repr.data));
-        let hbh_repr = check!(Ipv6HopByHopRepr::parse(&hbh_hdr));
-
-        for opt_repr in &hbh_repr.options {
-            match opt_repr {
-                Ipv6OptionRepr::Pad1 | Ipv6OptionRepr::PadN(_) => (),
-                #[cfg(feature = "proto-rpl")]
-                Ipv6OptionRepr::Rpl(_) => {}
-
-                Ipv6OptionRepr::Unknown { type_, .. } => {
-                    match Ipv6OptionFailureType::from(*type_) {
-                        Ipv6OptionFailureType::Skip => (),
-                        Ipv6OptionFailureType::Discard => {
-                            return None;
-                        }
-                        _ => {
-                            // FIXME(dlrobertson): Send an ICMPv6 parameter problem message
-                            // here.
-                            return None;
-                        }
-                    }
-                }
-            }
-        }
-        self.process_nxt_hdr(
-            sockets,
-            meta,
-            ipv6_repr,
-            ext_repr.next_header,
-            handled_by_raw_socket,
-            &ip_payload[ext_repr.header_len() + ext_repr.data.len()..],
-        )
-    }
-
     pub(super) fn icmpv6_reply<'frame, 'icmp: 'frame>(
         &self,
         ipv6_repr: Ipv6Repr,
         icmp_repr: Icmpv6Repr<'icmp>,
     ) -> Option<IpPacket<'frame>> {
-        if ipv6_repr.dst_addr.is_unicast() {
-            let ipv6_reply_repr = Ipv6Repr {
-                src_addr: ipv6_repr.dst_addr,
-                dst_addr: ipv6_repr.src_addr,
-                next_header: IpProtocol::Icmpv6,
-                payload_len: icmp_repr.buffer_len(),
-                hop_limit: 64,
-            };
-            Some(IpPacket::new_ipv6(
-                ipv6_reply_repr,
-                IpPayload::Icmpv6(icmp_repr),
-            ))
+        let src_addr = if ipv6_repr.dst_addr.is_unicast() {
+            ipv6_repr.dst_addr
         } else {
-            // Do not send any ICMP replies to a broadcast destination address.
-            None
-        }
+            self.ipv6_addr().unwrap()
+        };
+
+        let ipv6_reply_repr = Ipv6Repr {
+            src_addr,
+            dst_addr: ipv6_repr.src_addr,
+            next_header: IpProtocol::Icmpv6,
+            payload_len: icmp_repr.buffer_len(),
+            hop_limit: 64,
+        };
+        Some(IpPacket::new_ipv6(
+            ipv6_reply_repr,
+            IpPayload::Icmpv6(icmp_repr),
+        ))
     }
 }

src/iface/interface/mod.rs

@@ -1071,11 +1071,7 @@ impl InterfaceInner {
             #[cfg(feature = "proto-rpl")]
             IpAddress::Ipv6(Ipv6Address::LINK_LOCAL_ALL_RPL_NODES) => true,
             #[cfg(feature = "proto-ipv6")]
-            IpAddress::Ipv6(addr) => self.ip_addrs.iter().any(|a| match a.address() {
-                IpAddress::Ipv6(a) => a.solicited_node() == addr,
-                #[allow(unreachable_patterns)]
-                _ => false,
-            }),
+            IpAddress::Ipv6(addr) => self.has_solicited_node(addr),
             #[allow(unreachable_patterns)]
             _ => false,
         }