1 /**************************************************************************/
2 /* */
3 /* Copyright (c) Microsoft Corporation. All rights reserved. */
4 /* */
5 /* This software is licensed under the Microsoft Software License */
6 /* Terms for Microsoft Azure RTOS. Full text of the license can be */
7 /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */
8 /* and in the root directory of this software. */
9 /* */
10 /**************************************************************************/
11
12
13 /**************************************************************************/
14 /**************************************************************************/
15 /** */
16 /** NetX Component */
17 /** */
18 /** Internet Control Message Protocol (ICMP) */
19 /** */
20 /**************************************************************************/
21 /**************************************************************************/
22
23 #define NX_SOURCE_CODE
24
25
26 /* Include necessary system files. */
27
28 #include "nx_api.h"
29 #include "nx_ipv6.h"
30 #include "nx_icmpv6.h"
31
32 #ifdef FEATURE_NX_IPV6
33
34
35 /**************************************************************************/
36 /* */
37 /* FUNCTION RELEASE */
38 /* */
39 /* _nx_icmpv6_validate_neighbor_message PORTABLE C */
40 /* 6.1 */
41 /* AUTHOR */
42 /* */
43 /* Yuxin Zhou, Microsoft Corporation */
44 /* */
45 /* DESCRIPTION */
46 /* */
47 /* This internal function validates incoming neighbor advertisement */
48 /* message and neighbor solicitation message. */
49 /* */
50 /* INPUT */
51 /* */
52 /* packet_ptr ICMPv6 packet to validate */
53 /* */
54 /* OUTPUT */
55 /* */
56 /* NX_SUCCESS ICMPv6 options are valid */
57 /* NX_NOT_SUCCESS ICMPv6 options are invalid */
58 /* */
59 /* CALLS */
60 /* */
61 /* IPv6_Address_Type Determine address type (e.g. unicast) */
62 /* _nx_icmpv6_validate_options Validate option fields in ICMP header */
63 /* */
64 /* CALLED BY */
65 /* */
66 /* _nx_icmpv6_process_ns Process received NS packet */
67 /* _nx_icmpv6_process_na Process received NA packet */
68 /* */
69 /* RELEASE HISTORY */
70 /* */
71 /* DATE NAME DESCRIPTION */
72 /* */
73 /* 05-19-2020 Yuxin Zhou Initial Version 6.0 */
74 /* 09-30-2020 Yuxin Zhou Modified comment(s), */
75 /* resulting in version 6.1 */
76 /* */
77 /**************************************************************************/
_nx_icmpv6_validate_neighbor_message(NX_PACKET * packet_ptr)78 UINT _nx_icmpv6_validate_neighbor_message(NX_PACKET *packet_ptr)
79 {
80
81 NX_ICMPV6_ND *nd_header_ptr;
82 NX_IPV6_HEADER *ipv6_header;
83 NX_ICMPV6_OPTION *option_ptr;
84 UINT option_length;
85 UINT option_check;
86 ULONG source_address_type;
87 ULONG dest_address_type;
88
89
90 /* Points to the IPv6 header. */
91 /*lint -e{927} -e{826} suppress cast of pointer to pointer, since it is necessary */
92 ipv6_header = (NX_IPV6_HEADER *)packet_ptr -> nx_packet_ip_header;
93
94 /*
95 * Validate the IP header information.
96 * The following validation procedure is defined in RFC2461
97 * 7.1.1: Validation of Neighbor Solicitations
98 * 7.1.2: Validation of Neighbor Advertisements
99 */
100
101 /* Hop limit must be 255, I.e., the packet could not possibly have been forwarded by a router. */
102 if ((ipv6_header -> nx_ip_header_word_1 & 0xFF) != 0xFF)
103 {
104 return(NX_NOT_SUCCESSFUL);
105 }
106
107 /* Points to the ICMP message header. */
108 /*lint -e{927} -e{826} suppress cast of pointer to pointer, since it is necessary */
109 nd_header_ptr = (NX_ICMPV6_ND *)packet_ptr -> nx_packet_prepend_ptr;
110
111 /* ICMP code must be 0 */
112 if (nd_header_ptr -> nx_icmpv6_nd_header.nx_icmpv6_header_code != 0)
113 {
114 return(NX_NOT_SUCCESSFUL);
115 }
116
117 /* ICMP length (derived from the IP Length) is 24 or more. */
118 if (packet_ptr -> nx_packet_length < 24)
119 {
120 return(NX_NOT_SUCCESSFUL);
121 }
122
123 /* Target Address must not be a multicast address. */
124 if ((nd_header_ptr -> nx_icmpv6_nd_targetAddress[0] & (ULONG)0xFF000000) == (ULONG)0xFF000000)
125 {
126 return(NX_NOT_SUCCESSFUL);
127 }
128
129 /* Find out the destination IP address type. */
130 dest_address_type = IPv6_Address_Type(ipv6_header -> nx_ip_header_destination_ip);
131
132 option_check = 0;
133
134 if (nd_header_ptr -> nx_icmpv6_nd_header.nx_icmpv6_header_type == NX_ICMPV6_NEIGHBOR_SOLICITATION_TYPE)
135 {
136
137 /* Find out the source IP address type. */
138 source_address_type = IPv6_Address_Type(ipv6_header -> nx_ip_header_source_ip);
139
140 /* If the IP source address is the unspecified address, the IP destination address
141 is a solicated-node multicast address. */
142 if (source_address_type == IPV6_ADDRESS_UNSPECIFIED)
143 {
144
145 if ((dest_address_type & IPV6_SOLICITED_NODE_MCAST) != IPV6_SOLICITED_NODE_MCAST)
146 {
147 return(NX_NOT_SUCCESSFUL);
148 }
149
150 /* if the IP source address is the unspecified address, it must not contain
151 source link-layer address option in the message. */
152 option_check = NX_NO_SLLA;
153 }
154 }
155 else
156 {
157
158 /* If the IP Destination Address is a multicast address, the
159 Solicted flag must be zero. */
160 if (((ipv6_header -> nx_ip_header_destination_ip[0] & (ULONG)0xFF000000) == (ULONG)0xFF000000) &&
161 nd_header_ptr -> nx_icmpv6_nd_flag & 0x40000000)
162 {
163
164 return(NX_NOT_SUCCESSFUL);
165 }
166 }
167
168 /* Locate the option field. */
169 /*lint -e{923} suppress cast between pointer and ULONG, since it is necessary */
170 option_ptr = (NX_ICMPV6_OPTION *)NX_UCHAR_POINTER_ADD(nd_header_ptr, sizeof(NX_ICMPV6_ND));
171 option_length = (UINT)(packet_ptr -> nx_packet_length - sizeof(NX_ICMPV6_ND));
172
173 /* Validate option fields if there are any. */
174 if (option_length)
175 {
176 return(_nx_icmpv6_validate_options(option_ptr, (INT)option_length, (INT)option_check));
177 }
178
179 return(NX_SUCCESS);
180 }
181
182
183 #endif /* FEATURE_NX_IPV6 */
184
185
