Skip to content

Commit d27ec10

Browse files
gasbytesgasbytes
committed
Set the IP DF bit on locally-originated ICMP replies in wolfIP_send_ttl_exceeded,
wolfIP_send_port_unreachable, and the icmp_input echo-reply path to match the tcp_send_reset_reply precedent, with three new *_sets_df tests pinning the contract.
1 parent 45e9fd2 commit d27ec10

5 files changed

Lines changed: 87 additions & 0 deletions

File tree

src/test/unit/unit.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,7 @@ Suite *wolf_suite(void)
126126
#endif
127127
tcase_add_test(tc_utils, test_wolfip_send_port_unreachable_ignores_missing_link_sender);
128128
tcase_add_test(tc_utils, test_wolfip_send_port_unreachable_non_ethernet_skips_eth_filter);
129+
tcase_add_test(tc_utils, test_wolfip_send_port_unreachable_sets_df);
129130
tcase_add_test(tc_utils, test_tcp_adv_win_clamps_and_applies_window_scale);
130131
tcase_add_test(tc_utils, test_tcp_segment_acceptable_zero_window_and_overlap_cases);
131132
tcase_add_test(tc_utils, test_tcp_segment_acceptable_counts_syn_in_segment_length);
@@ -655,6 +656,7 @@ Suite *wolf_suite(void)
655656
tcase_add_test(tc_proto, test_send_ttl_exceeded_eth_filter_drop);
656657
tcase_add_test(tc_proto, test_send_ttl_exceeded_no_send);
657658
tcase_add_test(tc_proto, test_send_ttl_exceeded_non_ethernet_skips_eth_filter);
659+
tcase_add_test(tc_proto, test_send_ttl_exceeded_sets_df);
658660
#if WOLFIP_ENABLE_FORWARDING
659661
tcase_add_test(tc_proto, test_wolfip_forward_ttl_exceeded_short_len_does_not_send);
660662
#endif
@@ -772,6 +774,7 @@ Suite *wolf_suite(void)
772774
tcase_add_test(tc_proto, test_icmp_socket_send_recv);
773775
tcase_add_test(tc_proto, test_icmp_input_echo_reply_queues);
774776
tcase_add_test(tc_proto, test_icmp_input_echo_request_reply_sent);
777+
tcase_add_test(tc_proto, test_icmp_input_echo_reply_sets_df);
775778
tcase_add_test(tc_proto, test_icmp_input_echo_request_bad_checksum_dropped);
776779
tcase_add_test(tc_proto, test_icmp_input_echo_request_odd_len_reply_checksum);
777780
tcase_add_test(tc_proto, test_icmp_input_echo_request_dhcp_running_no_reply);

src/test/unit/unit_tests_dns_dhcp.c

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1758,6 +1758,37 @@ START_TEST(test_icmp_input_echo_request_reply_sent)
17581758
}
17591759
END_TEST
17601760

1761+
START_TEST(test_icmp_input_echo_reply_sets_df)
1762+
{
1763+
struct wolfIP s;
1764+
struct wolfIP_icmp_packet icmp;
1765+
struct wolfIP_icmp_packet *reply;
1766+
uint32_t frame_len;
1767+
1768+
wolfIP_init(&s);
1769+
mock_link_init(&s);
1770+
s.dhcp_state = DHCP_OFF;
1771+
wolfIP_filter_set_callback(NULL, NULL);
1772+
last_frame_sent_size = 0;
1773+
1774+
memset(&icmp, 0, sizeof(icmp));
1775+
icmp.ip.src = ee32(0x0A000002U);
1776+
icmp.ip.dst = ee32(0x0A000001U);
1777+
icmp.ip.ttl = 1;
1778+
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
1779+
icmp.ip.flags_fo = 0;
1780+
icmp.type = ICMP_ECHO_REQUEST;
1781+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
1782+
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
1783+
1784+
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
1785+
ck_assert_uint_gt(last_frame_sent_size, 0);
1786+
reply = (struct wolfIP_icmp_packet *)last_frame_sent;
1787+
ck_assert_uint_eq(reply->type, ICMP_ECHO_REPLY);
1788+
ck_assert_uint_eq(ee16(reply->ip.flags_fo) & 0x4000U, 0x4000U);
1789+
}
1790+
END_TEST
1791+
17611792
START_TEST(test_icmp_input_echo_request_bad_checksum_dropped)
17621793
{
17631794
struct wolfIP s;

src/test/unit/unit_tests_proto.c

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3329,6 +3329,30 @@ START_TEST(test_wolfip_send_port_unreachable_non_ethernet_skips_eth_filter)
33293329
}
33303330
END_TEST
33313331

3332+
START_TEST(test_wolfip_send_port_unreachable_sets_df)
3333+
{
3334+
struct wolfIP s;
3335+
uint8_t orig_buf[ETH_HEADER_LEN + TTL_EXCEEDED_ORIG_PACKET_SIZE_DEFAULT];
3336+
struct wolfIP_ip_packet *orig = (struct wolfIP_ip_packet *)orig_buf;
3337+
struct wolfIP_icmp_dest_unreachable_packet *reply;
3338+
3339+
wolfIP_init(&s);
3340+
mock_link_init(&s);
3341+
wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
3342+
last_frame_sent_size = 0;
3343+
3344+
memset(orig_buf, 0, sizeof(orig_buf));
3345+
orig->ver_ihl = 0x45;
3346+
orig->src = ee32(0x0A000002U);
3347+
orig->dst = ee32(0x0A000001U);
3348+
3349+
wolfIP_send_port_unreachable(&s, TEST_PRIMARY_IF, orig);
3350+
ck_assert_uint_gt(last_frame_sent_size, 0U);
3351+
reply = (struct wolfIP_icmp_dest_unreachable_packet *)last_frame_sent;
3352+
ck_assert_uint_eq(ee16(reply->ip.flags_fo) & 0x4000U, 0x4000U);
3353+
}
3354+
END_TEST
3355+
33323356
START_TEST(test_tcp_adv_win_clamps_and_applies_window_scale)
33333357
{
33343358
struct tsocket ts;

src/test/unit/unit_tests_tcp_ack.c

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2457,6 +2457,32 @@ START_TEST(test_send_ttl_exceeded_non_ethernet_skips_eth_filter)
24572457
}
24582458
END_TEST
24592459

2460+
START_TEST(test_send_ttl_exceeded_sets_df)
2461+
{
2462+
struct wolfIP s;
2463+
uint8_t ip_buf[ETH_HEADER_LEN + TTL_EXCEEDED_ORIG_PACKET_SIZE_DEFAULT];
2464+
struct wolfIP_ip_packet *ip = (struct wolfIP_ip_packet *)ip_buf;
2465+
struct wolfIP_icmp_ttl_exceeded_packet *reply;
2466+
2467+
wolfIP_init(&s);
2468+
mock_link_init(&s);
2469+
wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
2470+
wolfIP_filter_set_callback(NULL, NULL);
2471+
last_frame_sent_size = 0;
2472+
2473+
memset(ip_buf, 0, sizeof(ip_buf));
2474+
memcpy(ip->eth.src, "\x01\x02\x03\x04\x05\x06", 6);
2475+
ip->ver_ihl = 0x45;
2476+
ip->src = ee32(0x0A000002U);
2477+
ip->dst = ee32(0x0A000001U);
2478+
2479+
wolfIP_send_ttl_exceeded(&s, TEST_PRIMARY_IF, ip);
2480+
ck_assert_uint_gt(last_frame_sent_size, 0U);
2481+
reply = (struct wolfIP_icmp_ttl_exceeded_packet *)last_frame_sent;
2482+
ck_assert_uint_eq(ee16(reply->ip.flags_fo) & 0x4000U, 0x4000U);
2483+
}
2484+
END_TEST
2485+
24602486
#if WOLFIP_ENABLE_FORWARDING
24612487
START_TEST(test_wolfip_forward_ttl_exceeded_short_len_does_not_send)
24622488
{

src/wolfip.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1829,6 +1829,7 @@ static void wolfIP_send_ttl_exceeded(struct wolfIP *s, unsigned int if_idx,
18291829
icmp.csum = ee16(icmp_checksum((struct wolfIP_icmp_packet *)&icmp,
18301830
icmp_data_len));
18311831
icmp.ip.ver_ihl = 0x45;
1832+
icmp.ip.flags_fo = ee16(0x4000U);
18321833
icmp.ip.ttl = 64;
18331834
icmp.ip.proto = WI_IPPROTO_ICMP;
18341835
icmp.ip.id = ipcounter_next(s);
@@ -1900,6 +1901,7 @@ static void wolfIP_send_port_unreachable(struct wolfIP *s, unsigned int if_idx,
19001901
icmp.csum = ee16(icmp_checksum((struct wolfIP_icmp_packet *)&icmp,
19011902
icmp_data_len));
19021903
icmp.ip.ver_ihl = 0x45;
1904+
icmp.ip.flags_fo = ee16(0x4000U);
19031905
icmp.ip.ttl = 64;
19041906
icmp.ip.proto = WI_IPPROTO_ICMP;
19051907
icmp.ip.id = ipcounter_next(s);
@@ -6573,6 +6575,7 @@ static void icmp_input(struct wolfIP *s, unsigned int if_idx, struct wolfIP_ip_p
65736575
ip->dst = tmp;
65746576
ip->ttl = 64;
65756577
ip->id = ipcounter_next(s);
6578+
ip->flags_fo = ee16(0x4000U);
65766579
ip->csum = 0;
65776580
iphdr_set_checksum(ip);
65786581
#ifdef ETHERNET

0 commit comments

Comments
 (0)