Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shell/commands: fix, only accept proper pong response to icmpv6_echo #12159

Merged
merged 1 commit into from
Sep 3, 2019
Merged

shell/commands: fix, only accept proper pong response to icmpv6_echo #12159

merged 1 commit into from
Sep 3, 2019

Conversation

fjmolinas
Copy link
Contributor

Contribution description

This PR fixes the Bug introduced in #11933.

Testing procedure

Follow the testing procedure in #11519. To test in a controlled setting follow the testing procedure sugested by @benemorius:

To test this in a controlled setting I captured and injected ping replies with a Linux node connected via a border router to a Riot node using this procedure:

  1. Prepare Linux node to capture its own outgoing ping reply:
    tcpdump -i eth0 "icmp6 && ip6[40] == 129" -n -c1 -w icmp-reply.pcap
  2. Use the border router to block the genuine ping reply from reaching the Riot node:
    ip6tables -I FORWARD -o lowpan0 -p icmpv6 --icmpv6-type echo-reply -j DROP
  3. Ping Linux node from Riot node using 1 ping and a 60 second timeout:
    ping6 2001:470:4bb0:ffff::1 -c 1 -W 60000
  4. On Linux node modify the source address of the captured packet:
    tcprewrite --infile=icmp-reply.pcap --outfile=icmp-reply2.pcap --pnat=[2001:470:4bb0:ffff::1]:[2001:470:4bb0:ffff::2]
  5. On border router unblock ping replies:
    ip6tables -D FORWARD -o lowpan0 -p icmpv6 --icmpv6-type echo-reply -j DROP
  6. On Linux node send modified ping reply:
    tcpreplay --intf1=eth0 icmp-reply2.pcap
  7. Observe whether the Riot node prints the reply. It should not.
    12 bytes from 2001:470:4bb0:ffff::2 id:0xbe45/0xbe45 icmp_seq=0 ttl=63 rssi=-85 dBm time=13823.374 ms
  8. As before, block ping replies at the border router:
    ip6tables -I FORWARD -o lowpan0 -p icmpv6 --icmpv6-type echo-reply -j DROP
  9. As before, send a ping from the Riot node:
    ping6 2001:470:4bb0:ffff::1 -c 1 -W 60000
  10. As before, unblock ping replies:
    ip6tables -D FORWARD -o lowpan0 -p icmpv6 --icmpv6-type echo-reply -j DROP
  11. From the Linux node send the unmodified ping reply captured earlier:
    tcpreplay --intf1=eth0 icmp-reply.pcap
  12. Observe whether the Riot node prints the reply. It should not.
    12 bytes from 2001:470:4bb0:ffff::1 id:0xbe45/0x2e08 icmp_seq=0 ttl=63 rssi=-86 dBm time=52156.860 ms

Issues/PRs references

Fixes #11519

@fjmolinas fjmolinas added Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors) Area: network Area: Networking CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR labels Sep 3, 2019
@fjmolinas fjmolinas requested review from miri64 and maribu September 3, 2019 07:14
miri64
miri64 approved these changes Sep 3, 2019
View reviewed changes
Copy link
Member

@miri64 miri64 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ooops, ACK!

@miri64
Copy link
Member

miri64 commented Sep 3, 2019

Foiled by deMorgans law once again ;-).

@miri64 miri64 merged commit fa9bf48 into RIOT-OS:master Sep 3, 2019
@maribu
Copy link
Member

maribu commented Sep 3, 2019

Thanks for the fix!

@fjmolinas fjmolinas deleted the pr_icmp6_echo branch September 3, 2019 17:20
@benpicco benpicco mentioned this pull request Sep 10, 2019
Closed
@benpicco
Copy link
Contributor

With this, ping6 ff02::1 will not print any response 😕

@kb2ma kb2ma added this to the Release 2019.10 milestone Sep 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miri64 miri64 miri64 approved these changes

@maribu maribu Awaiting requested review from maribu

Assignees
No one assigned
Labels
Area: network Area: Networking CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR Type: bug The issue reports a bug / The PR fixes a bug (including spelling errors)
Projects
None yet
Milestone
Release 2019.10
Development

Successfully merging this pull request may close these issues.

shell/ping6: Incorrect handling of unexpected pongs
5 participants
@fjmolinas @miri64 @maribu @benpicco @kb2ma