From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BEE921A1E43 for ; Thu, 27 Oct 2016 03:51:45 -0700 (PDT) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP; 27 Oct 2016 03:51:45 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,404,1473145200"; d="scan'208";a="24313902" Received: from sfu5-mobl3.ccr.corp.intel.com ([10.239.192.133]) by fmsmga005.fm.intel.com with ESMTP; 27 Oct 2016 03:51:44 -0700 From: Fu Siyuan To: edk2-devel@lists.01.org Cc: Ye Ting , Zhang Lubo , Wu Jiaxin Date: Thu, 27 Oct 2016 18:51:39 +0800 Message-Id: <1477565499-11764-4-git-send-email-siyuan.fu@intel.com> X-Mailer: git-send-email 2.7.4.windows.1 In-Reply-To: <1477565499-11764-1-git-send-email-siyuan.fu@intel.com> References: <1477565499-11764-1-git-send-email-siyuan.fu@intel.com> Subject: [PATCH v2 3/3] NetworkPkg: Update IP4 stack drivers for classless address unicast check. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2016 10:51:46 -0000 V2 update: Keep the zero address and broadcast check if network mask is not available. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Fu Siyuan Cc: Ye Ting Cc: Zhang Lubo Cc: Wu Jiaxin --- NetworkPkg/IScsiDxe/IScsiConfig.c | 16 ++++++++++---- NetworkPkg/TcpDxe/TcpMain.c | 6 ++--- NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c | 40 +++++++++++++++++++++++----------- NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c | 4 +++- 4 files changed, 45 insertions(+), 21 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiConfig.c b/NetworkPkg/IScsiDxe/IScsiConfig.c index 16a90a6..57571ad 100644 --- a/NetworkPkg/IScsiDxe/IScsiConfig.c +++ b/NetworkPkg/IScsiDxe/IScsiConfig.c @@ -164,7 +164,10 @@ IpIsUnicast ( ) { if (IpMode == IP_MODE_IP4) { - return NetIp4IsUnicast (NTOHL (Ip->Addr[0]), 0); + if (IP4_IS_UNSPECIFIED (NTOHL (Ip->Addr[0])) || IP4_IS_LOCAL_BROADCAST (NTOHL (Ip->Addr[0]))) { + return FALSE; + } + return TRUE; } else if (IpMode == IP_MODE_IP6) { return NetIp6IsValidUnicast (&Ip->v6); } else { @@ -2349,7 +2352,9 @@ IScsiFormCallback ( case KEY_LOCAL_IP: Status = NetLibStrToIp4 (IfrNvData->LocalIp, &HostIp.v4); - if (EFI_ERROR (Status) || !NetIp4IsUnicast (NTOHL (HostIp.Addr[0]), 0)) { + if (EFI_ERROR (Status) || + ((Private->Current->SessionConfigData.SubnetMask.Addr[0] != 0) && + !NetIp4IsUnicast (NTOHL (HostIp.Addr[0]), NTOHL(*(UINT32*)Private->Current->SessionConfigData.SubnetMask.Addr)))) { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, @@ -2383,7 +2388,10 @@ IScsiFormCallback ( case KEY_GATE_WAY: Status = NetLibStrToIp4 (IfrNvData->Gateway, &Gateway.v4); - if (EFI_ERROR (Status) || ((Gateway.Addr[0] != 0) && !NetIp4IsUnicast (NTOHL (Gateway.Addr[0]), 0))) { + if (EFI_ERROR (Status) || + ((Gateway.Addr[0] != 0) && + (Private->Current->SessionConfigData.SubnetMask.Addr[0] != 0) && + !NetIp4IsUnicast (NTOHL (Gateway.Addr[0]), NTOHL(*(UINT32*)Private->Current->SessionConfigData.SubnetMask.Addr)))) { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, @@ -2400,7 +2408,7 @@ IScsiFormCallback ( case KEY_TARGET_IP: UnicodeStrToAsciiStrS (IfrNvData->TargetIp, IpString, sizeof (IpString)); Status = IScsiAsciiStrToIp (IpString, IfrNvData->IpMode, &HostIp); - if (EFI_ERROR (Status) || !IpIsUnicast (&HostIp, IfrNvData->IpMode)) { + if (EFI_ERROR (Status) || IP4_IS_LOCAL_BROADCAST (EFI_NTOHL(HostIp.v4)) || IP4_IS_UNSPECIFIED (EFI_NTOHL(HostIp.v4))) { CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, diff --git a/NetworkPkg/TcpDxe/TcpMain.c b/NetworkPkg/TcpDxe/TcpMain.c index 96a295a..03942ee 100644 --- a/NetworkPkg/TcpDxe/TcpMain.c +++ b/NetworkPkg/TcpDxe/TcpMain.c @@ -147,10 +147,10 @@ Tcp4Configure ( if (NULL != TcpConfigData) { CopyMem (&Ip, &TcpConfigData->AccessPoint.RemoteAddress, sizeof (IP4_ADDR)); - if ((Ip != 0) && !NetIp4IsUnicast (NTOHL (Ip), 0)) { + if (IP4_IS_LOCAL_BROADCAST (NTOHL (Ip))) { return EFI_INVALID_PARAMETER; } - + if (TcpConfigData->AccessPoint.ActiveFlag && (0 == TcpConfigData->AccessPoint.RemotePort || (Ip == 0))) { return EFI_INVALID_PARAMETER; } @@ -159,7 +159,7 @@ Tcp4Configure ( CopyMem (&Ip, &TcpConfigData->AccessPoint.StationAddress, sizeof (IP4_ADDR)); CopyMem (&SubnetMask, &TcpConfigData->AccessPoint.SubnetMask, sizeof (IP4_ADDR)); - if (!NetIp4IsUnicast (NTOHL (Ip), 0) || !IP4_IS_VALID_NETMASK (NTOHL (SubnetMask))) { + if (!IP4_IS_VALID_NETMASK (NTOHL (SubnetMask)) || !NetIp4IsUnicast (NTOHL (Ip), NTOHL (SubnetMask))) { return EFI_INVALID_PARAMETER; } } diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c index c7c5bd6..52095c5 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c @@ -856,8 +856,7 @@ EfiPxeBcMtftp ( (BufferSize == NULL) || (ServerIp == NULL) || ((BufferPtr == NULL) && DontUseBuffer) || - ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE)) || - (!NetIp4IsUnicast (NTOHL (ServerIp->Addr[0]), 0) && !NetIp6IsValidUnicast (&ServerIp->v6))) { + ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE))) { return EFI_INVALID_PARAMETER; } @@ -867,6 +866,16 @@ EfiPxeBcMtftp ( Mode = Private->PxeBc.Mode; if (Mode->UsingIpv6) { + if (!NetIp6IsValidUnicast (&ServerIp->v6)) { + return EFI_INVALID_PARAMETER; + } + } else { + if (IP4_IS_UNSPECIFIED (NTOHL (ServerIp->Addr[0])) || IP4_IS_LOCAL_BROADCAST (NTOHL (ServerIp->Addr[0]))) { + return EFI_INVALID_PARAMETER; + } + } + + if (Mode->UsingIpv6) { // // Set configuration data for Mtftp6 instance. // @@ -1076,7 +1085,7 @@ EfiPxeBcUdpWrite ( DoNotFragment = TRUE; } - if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL (GatewayIp->Addr[0]), 0)) { + if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL (GatewayIp->Addr[0]), EFI_NTOHL(Mode->SubnetMask))) { // // Gateway is provided but it's not a unicast IPv4 address, while it will be ignored for IPv6. // @@ -1587,13 +1596,16 @@ EfiPxeBcSetIpFilter ( // return EFI_INVALID_PARAMETER; } - if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0 && - (NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), 0) || - NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6))) { - // - // If EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP is set and IPv4/IPv6 address - // is in IpList, promiscuous mode is needed. - // + if (Mode->UsingIpv6) { + if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0 && + NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6)) { + NeedPromiscuous = TRUE; + } + } else if ((EFI_NTOHL(Mode->StationIp) != 0) && + (EFI_NTOHL(Mode->SubnetMask) != 0) && + IP4_NET_EQUAL(EFI_NTOHL(Mode->StationIp), EFI_NTOHL(NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask.v4)) && + NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask)) && + ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0)) { NeedPromiscuous = TRUE; } } @@ -1987,9 +1999,7 @@ EfiPxeBcSetStationIP ( return EFI_INVALID_PARAMETER; } - if (NewStationIp != NULL && - (!NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), 0) && - !NetIp6IsValidUnicast (&NewStationIp->v6))) { + if (NewStationIp != NULL && !NetIp6IsValidUnicast (&NewStationIp->v6)) { return EFI_INVALID_PARAMETER; } @@ -2003,6 +2013,10 @@ EfiPxeBcSetStationIP ( return EFI_INVALID_PARAMETER; } + if (!Mode->UsingIpv6 && NewStationIp != NULL && !NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), NTOHL (NewSubnetMask->Addr[0]))) { + return EFI_INVALID_PARAMETER; + } + if (!Mode->Started) { return EFI_NOT_STARTED; } diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c index 3ea9518..00c652d 100644 --- a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c @@ -258,7 +258,9 @@ PxeBcIcmpErrorDpcHandle ( } if (EFI_IP4 (RxData->Header->SourceAddress) != 0 && - !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), 0)) { + (NTOHL (Mode->SubnetMask.Addr[0]) != 0) && + IP4_NET_EQUAL (NTOHL(Mode->StationIp.Addr[0]), EFI_NTOHL (RxData->Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0])) && + !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0]))) { // // The source address of the received packet should be a valid unicast address. // -- 2.7.4.windows.1