Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ping: discard packets with wrong source address
RFC 1122 clearly states that the IP address in the reply MUST match the one in the request: The IP source address in an ICMP Echo Reply MUST be the same as the specific-destination address (defined in Section 3.2.1.3) of the corresponding ICMP Echo Request message. This is not enforced in iputils neither in IPv4 nor in IPv6: $ ping -c4 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.5: icmp_seq=1 ttl=64 time=0.072 ms 64 bytes from 127.0.0.5: icmp_seq=2 ttl=64 time=0.101 ms 64 bytes from 127.0.0.5: icmp_seq=3 ttl=64 time=0.079 ms 64 bytes from 127.0.0.5: icmp_seq=4 ttl=64 time=0.081 ms --- 127.0.0.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3056ms rtt min/avg/max/mdev = 0.072/0.083/0.101/0.010 ms $ ping -c4 ::1 PING ::1(::1) 56 data bytes 64 bytes from ::5: icmp_seq=1 ttl=64 time=0.029 ms 64 bytes from ::5: icmp_seq=2 ttl=64 time=0.084 ms 64 bytes from ::5: icmp_seq=3 ttl=64 time=0.064 ms 64 bytes from ::5: icmp_seq=4 ttl=64 time=0.083 ms --- ::1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3074ms rtt min/avg/max/mdev = 0.029/0.065/0.084/0.022 ms The same issue happens both with raw and ICMP sockets. Signed-off-by: Matteo Croce <[email protected]>
- Loading branch information
1 parent
f406ac9
commit 5e052ad