Re: [PATCH v2 3/3] NetworkPkg: Update IP4 stack drivers for classless address unicast check.

From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: "Fu, Siyuan" <siyuan.fu@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>, "Zhang, Lubo" <lubo.zhang@intel.com>
Subject: Re: [PATCH v2 3/3] NetworkPkg: Update IP4 stack drivers for classless address unicast check.
Date: Fri, 28 Oct 2016 02:52:39 +0000	[thread overview]
Message-ID: <895558F6EA4E3B41AC93A00D163B72741389FE86@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <1477565499-11764-4-git-send-email-siyuan.fu@intel.com>

Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>

Best Regards!
Jiaxin

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Fu
> Siyuan
> Sent: Thursday, October 27, 2016 6:52 PM
> To: edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>; Zhang, Lubo <lubo.zhang@intel.com>; Wu,
> Jiaxin <jiaxin.wu@intel.com>
> Subject: [edk2] [PATCH v2 3/3] NetworkPkg: Update IP4 stack drivers for
> classless address unicast check.
> 
> V2 update:
> Keep the zero address and broadcast check if network mask is not available.
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Zhang Lubo <lubo.zhang@intel.com>
> Cc: Wu Jiaxin <jiaxin.wu@intel.com>
> ---
>  NetworkPkg/IScsiDxe/IScsiConfig.c      | 16 ++++++++++----
>  NetworkPkg/TcpDxe/TcpMain.c            |  6 ++---
>  NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c    | 40 +++++++++++++++++++++++----
> -------
>  NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c |  4 +++-
>  4 files changed, 45 insertions(+), 21 deletions(-)
> 
> diff --git a/NetworkPkg/IScsiDxe/IScsiConfig.c
> b/NetworkPkg/IScsiDxe/IScsiConfig.c
> index 16a90a6..57571ad 100644
> --- a/NetworkPkg/IScsiDxe/IScsiConfig.c
> +++ b/NetworkPkg/IScsiDxe/IScsiConfig.c
> @@ -164,7 +164,10 @@ IpIsUnicast (
>    )
>  {
>    if (IpMode == IP_MODE_IP4) {
> -    return NetIp4IsUnicast (NTOHL (Ip->Addr[0]), 0);
> +    if (IP4_IS_UNSPECIFIED (NTOHL (Ip->Addr[0])) ||
> IP4_IS_LOCAL_BROADCAST (NTOHL (Ip->Addr[0])))   {
> +      return FALSE;
> +    }
> +    return TRUE;
>    } else if (IpMode == IP_MODE_IP6) {
>      return NetIp6IsValidUnicast (&Ip->v6);
>    } else {
> @@ -2349,7 +2352,9 @@ IScsiFormCallback (
> 
>      case KEY_LOCAL_IP:
>        Status = NetLibStrToIp4 (IfrNvData->LocalIp, &HostIp.v4);
> -      if (EFI_ERROR (Status) || !NetIp4IsUnicast (NTOHL (HostIp.Addr[0]), 0)) {
> +      if (EFI_ERROR (Status) ||
> +          ((Private->Current->SessionConfigData.SubnetMask.Addr[0] != 0) &&
> +           !NetIp4IsUnicast (NTOHL (HostIp.Addr[0]),
> + NTOHL(*(UINT32*)Private->Current->SessionConfigData.SubnetMask.Addr)))
> + ) {
>          CreatePopUp (
>            EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>            &Key,
> @@ -2383,7 +2388,10 @@ IScsiFormCallback (
> 
>      case KEY_GATE_WAY:
>        Status = NetLibStrToIp4 (IfrNvData->Gateway, &Gateway.v4);
> -      if (EFI_ERROR (Status) || ((Gateway.Addr[0] != 0) && !NetIp4IsUnicast
> (NTOHL (Gateway.Addr[0]), 0))) {
> +      if (EFI_ERROR (Status) ||
> +          ((Gateway.Addr[0] != 0) &&
> +           (Private->Current->SessionConfigData.SubnetMask.Addr[0] != 0) &&
> +           !NetIp4IsUnicast (NTOHL (Gateway.Addr[0]),
> + NTOHL(*(UINT32*)Private->Current->SessionConfigData.SubnetMask.Addr)))
> + ) {
>          CreatePopUp (
>            EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>            &Key,
> @@ -2400,7 +2408,7 @@ IScsiFormCallback (
>      case KEY_TARGET_IP:
>        UnicodeStrToAsciiStrS (IfrNvData->TargetIp, IpString, sizeof (IpString));
>        Status = IScsiAsciiStrToIp (IpString, IfrNvData->IpMode, &HostIp);
> -      if (EFI_ERROR (Status) || !IpIsUnicast (&HostIp, IfrNvData->IpMode)) {
> +      if (EFI_ERROR (Status) || IP4_IS_LOCAL_BROADCAST
> + (EFI_NTOHL(HostIp.v4)) || IP4_IS_UNSPECIFIED (EFI_NTOHL(HostIp.v4))) {
>          CreatePopUp (
>            EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
>            &Key,
> diff --git a/NetworkPkg/TcpDxe/TcpMain.c b/NetworkPkg/TcpDxe/TcpMain.c
> index 96a295a..03942ee 100644
> --- a/NetworkPkg/TcpDxe/TcpMain.c
> +++ b/NetworkPkg/TcpDxe/TcpMain.c
> @@ -147,10 +147,10 @@ Tcp4Configure (
>    if (NULL != TcpConfigData) {
> 
>      CopyMem (&Ip, &TcpConfigData->AccessPoint.RemoteAddress, sizeof
> (IP4_ADDR));
> -    if ((Ip != 0) && !NetIp4IsUnicast (NTOHL (Ip), 0)) {
> +    if (IP4_IS_LOCAL_BROADCAST (NTOHL (Ip))) {
>        return EFI_INVALID_PARAMETER;
>      }
> -
> +
>      if (TcpConfigData->AccessPoint.ActiveFlag && (0 == TcpConfigData-
> >AccessPoint.RemotePort || (Ip == 0))) {
>        return EFI_INVALID_PARAMETER;
>      }
> @@ -159,7 +159,7 @@ Tcp4Configure (
> 
>        CopyMem (&Ip, &TcpConfigData->AccessPoint.StationAddress, sizeof
> (IP4_ADDR));
>        CopyMem (&SubnetMask, &TcpConfigData->AccessPoint.SubnetMask,
> sizeof (IP4_ADDR));
> -      if (!NetIp4IsUnicast (NTOHL (Ip), 0) || !IP4_IS_VALID_NETMASK (NTOHL
> (SubnetMask))) {
> +      if (!IP4_IS_VALID_NETMASK (NTOHL (SubnetMask)) ||
> + !NetIp4IsUnicast (NTOHL (Ip), NTOHL (SubnetMask))) {
>          return EFI_INVALID_PARAMETER;
>        }
>      }
> diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
> b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
> index c7c5bd6..52095c5 100644
> --- a/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
> +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcImpl.c
> @@ -856,8 +856,7 @@ EfiPxeBcMtftp (
>        (BufferSize == NULL) ||
>        (ServerIp == NULL) ||
>        ((BufferPtr == NULL) && DontUseBuffer) ||
> -      ((BlockSize != NULL) && (*BlockSize < PXE_MTFTP_DEFAULT_BLOCK_SIZE))
> ||
> -      (!NetIp4IsUnicast (NTOHL (ServerIp->Addr[0]), 0) && !NetIp6IsValidUnicast
> (&ServerIp->v6))) {
> +      ((BlockSize != NULL) && (*BlockSize <
> + PXE_MTFTP_DEFAULT_BLOCK_SIZE))) {
>      return EFI_INVALID_PARAMETER;
>    }
> 
> @@ -867,6 +866,16 @@ EfiPxeBcMtftp (
>    Mode      = Private->PxeBc.Mode;
> 
>    if (Mode->UsingIpv6) {
> +    if (!NetIp6IsValidUnicast (&ServerIp->v6)) {
> +      return EFI_INVALID_PARAMETER;
> +    }
> +  } else {
> +    if (IP4_IS_UNSPECIFIED (NTOHL (ServerIp->Addr[0])) ||
> IP4_IS_LOCAL_BROADCAST (NTOHL (ServerIp->Addr[0])))   {
> +      return EFI_INVALID_PARAMETER;
> +    }
> +  }
> +
> +  if (Mode->UsingIpv6) {
>      //
>      // Set configuration data for Mtftp6 instance.
>      //
> @@ -1076,7 +1085,7 @@ EfiPxeBcUdpWrite (
>      DoNotFragment = TRUE;
>    }
> 
> -  if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL
> (GatewayIp->Addr[0]), 0)) {
> +  if (!Mode->UsingIpv6 && GatewayIp != NULL && !NetIp4IsUnicast (NTOHL
> + (GatewayIp->Addr[0]), EFI_NTOHL(Mode->SubnetMask))) {
>      //
>      // Gateway is provided but it's not a unicast IPv4 address, while it will be
> ignored for IPv6.
>      //
> @@ -1587,13 +1596,16 @@ EfiPxeBcSetIpFilter (
>        //
>        return EFI_INVALID_PARAMETER;
>      }
> -    if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0
> &&
> -        (NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4), 0) ||
> -         NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6))) {
> -      //
> -      // If EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP is set and IPv4/IPv6
> address
> -      // is in IpList, promiscuous mode is needed.
> -      //
> +    if (Mode->UsingIpv6) {
> +      if ((NewFilter->Filters & EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0
> &&
> +          NetIp6IsValidUnicast (&NewFilter->IpList[Index].v6)) {
> +        NeedPromiscuous = TRUE;
> +      }
> +    } else if ((EFI_NTOHL(Mode->StationIp) != 0) &&
> +               (EFI_NTOHL(Mode->SubnetMask) != 0) &&
> +               IP4_NET_EQUAL(EFI_NTOHL(Mode->StationIp),
> EFI_NTOHL(NewFilter->IpList[Index].v4), EFI_NTOHL(Mode->SubnetMask.v4))
> &&
> +               NetIp4IsUnicast (EFI_IP4 (NewFilter->IpList[Index].v4),
> EFI_NTOHL(Mode->SubnetMask)) &&
> +               ((NewFilter->Filters &
> + EFI_PXE_BASE_CODE_IP_FILTER_STATION_IP) != 0)) {
>        NeedPromiscuous = TRUE;
>      }
>    }
> @@ -1987,9 +1999,7 @@ EfiPxeBcSetStationIP (
>      return EFI_INVALID_PARAMETER;
>    }
> 
> -  if (NewStationIp != NULL &&
> -      (!NetIp4IsUnicast (NTOHL (NewStationIp->Addr[0]), 0) &&
> -       !NetIp6IsValidUnicast (&NewStationIp->v6))) {
> +  if (NewStationIp != NULL && !NetIp6IsValidUnicast
> + (&NewStationIp->v6)) {
>      return EFI_INVALID_PARAMETER;
>    }
> 
> @@ -2003,6 +2013,10 @@ EfiPxeBcSetStationIP (
>      return EFI_INVALID_PARAMETER;
>    }
> 
> +  if (!Mode->UsingIpv6 && NewStationIp != NULL && !NetIp4IsUnicast (NTOHL
> (NewStationIp->Addr[0]), NTOHL (NewSubnetMask->Addr[0]))) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
>    if (!Mode->Started) {
>      return EFI_NOT_STARTED;
>    }
> diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
> b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
> index 3ea9518..00c652d 100644
> --- a/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
> +++ b/NetworkPkg/UefiPxeBcDxe/PxeBcSupport.c
> @@ -258,7 +258,9 @@ PxeBcIcmpErrorDpcHandle (
>    }
> 
>    if (EFI_IP4 (RxData->Header->SourceAddress) != 0 &&
> -      !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress), 0)) {
> +      (NTOHL (Mode->SubnetMask.Addr[0]) != 0) &&
> +      IP4_NET_EQUAL (NTOHL(Mode->StationIp.Addr[0]), EFI_NTOHL (RxData-
> >Header->SourceAddress), NTOHL (Mode->SubnetMask.Addr[0])) &&
> +      !NetIp4IsUnicast (EFI_NTOHL (RxData->Header->SourceAddress),
> + NTOHL (Mode->SubnetMask.Addr[0]))) {
>      //
>      // The source address of the received packet should be a valid unicast
> address.
>      //
> --
> 2.7.4.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel