fix validateNextHopAddr

JordiSubira · Nov 10, 2023 · c6a9ec6 · c6a9ec6
1 parent 7e9d544
commit c6a9ec6
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 6 deletions.
diff --git a/dispatcher/dispatcher.go b/dispatcher/dispatcher.go
@@ -401,43 +401,44 @@ func (m ipv6ControlMessage) Destination() net.IP {
 // it returns false. This implements a safeguard for traffic reflection as discussed in:
 // https://github.com/scionproto/scion/pull/4280#issuecomment-1775177351
 func (s *Server) validateNextHopAddr(addr netip.AddrPort, oobuffer []byte) bool {
-	udpAddr, ok := s.conn.LocalAddr().(*net.UDPAddr)
+	// take localAddr to be consistent with the setIPPktInfo(·) configuration
+	localAddr, ok := s.conn.LocalAddr().(*net.UDPAddr)
 	if !ok {
 		panic(fmt.Sprintln("Connection address is not UDPAddr",
 			"conn", s.conn.LocalAddr().Network()))
 	}
 
 	var cm controlMessage
-	if udpAddr.AddrPort().Addr().Unmap().Is4() {
+	if localAddr.AddrPort().Addr().Unmap().Is4() {
 		cm = ipv4ControlMessage{
 			ControlMessage: new(ipv4.ControlMessage),
 		}
 	}
-	if udpAddr.AddrPort().Addr().Unmap().Is6() {
+	if localAddr.AddrPort().Addr().Unmap().Is6() {
 		cm = ipv6ControlMessage{
 			ControlMessage: new(ipv6.ControlMessage),
 		}
 	}
 
 	if err := cm.Parse(oobuffer); err != nil {
 		log.Error("Parsing message", "err", err)
-		fmt.Println("Parsing message", "err", err)
 		return false
 	}
-	fmt.Println(cm.String())
 	if !cm.Destination().IsUnspecified() {
 		pktAddr, ok := netip.AddrFromSlice(cm.Destination())
 		if !ok {
+			log.Error("Getting DST from IP_PKT info", "DST", cm.Destination())
 			return false
 		}
-		if addr.Addr().Unmap().Compare(pktAddr) != 0 {
+		if addr.Addr().Unmap().Compare(pktAddr.Unmap()) != 0 {
 			log.Error("UDP/IP addr destination different from UDP/SCION addr",
 				"UDP/IP:", pktAddr.String(),
 				"UDP/SCION:", addr.Addr().String())
 			return false
 		}
 		return true
 	}
+	log.Error("Unable to validate next hop address", "addr", addr)
 	return false
 }
 

diff --git a/dispatcher/dispatcher_test.go b/dispatcher/dispatcher_test.go
@@ -66,6 +66,11 @@ func TestValidateAddr(t *testing.T) {
 	dispIPv4Addr := xtest.MustParseUDPAddr(t, "127.0.0.1:40032")
 	clientIPv6Addr := xtest.MustParseUDPAddr(t, "[::1]:0")
 	dispIPv6Addr := xtest.MustParseUDPAddr(t, "[::1]:40032")
+	mappedDispIPv4Addr := &net.UDPAddr{
+		IP:   dispIPv4Addr.IP.To16(),
+		Port: 40032,
+	}
+	undefinedIPv6 := xtest.MustParseUDPAddr(t, "[::]:40032")
 	testCases := []testCase{
 		{
 			Name:       "valid UDP/IPv4",
@@ -299,6 +304,52 @@ func TestValidateAddr(t *testing.T) {
 			},
 			ExpectedValue: false,
 		},
+		{
+			Name:       "IPv4-mapped-IPv6 to IPv4",
+			ClientAddr: clientAddr,
+			DispAddr:   dispIPv4Addr,
+			Pkt: &snet.Packet{
+				PacketInfo: snet.PacketInfo{
+					Source: snet.SCIONAddress{
+						IA:   xtest.MustParseIA("1-ff00:0:2"),
+						Host: addr.HostIP(clientAddr.AddrPort().Addr()),
+					},
+					Destination: snet.SCIONAddress{
+						IA:   xtest.MustParseIA("1-ff00:0:1"),
+						Host: addr.HostIP(mappedDispIPv4Addr.AddrPort().Addr()),
+					},
+					Payload: snet.UDPPayload{
+						SrcPort: 20001,
+						DstPort: 40001,
+					},
+					Path: path.Empty{},
+				},
+			},
+			ExpectedValue: true,
+		},
+		{
+			Name:       "IPv4 to undefined IPv6",
+			ClientAddr: clientAddr,
+			DispAddr:   undefinedIPv6,
+			Pkt: &snet.Packet{
+				PacketInfo: snet.PacketInfo{
+					Source: snet.SCIONAddress{
+						IA:   xtest.MustParseIA("1-ff00:0:2"),
+						Host: addr.HostIP(clientAddr.AddrPort().Addr()),
+					},
+					Destination: snet.SCIONAddress{
+						IA:   xtest.MustParseIA("1-ff00:0:1"),
+						Host: addr.HostIP(dispIPv4Addr.AddrPort().Addr()),
+					},
+					Payload: snet.UDPPayload{
+						SrcPort: 20001,
+						DstPort: 40001,
+					},
+					Path: path.Empty{},
+				},
+			},
+			ExpectedValue: true,
+		},
 	}
 	for _, test := range testCases {
 		t.Run(test.Name, func(t *testing.T) {