From 2822cc671a97f575afada55839238b71a8eb1091 Mon Sep 17 00:00:00 2001 From: David Cermak Date: Wed, 2 Oct 2024 11:17:06 +0200 Subject: [PATCH] fix(lwip): Fix ping_v6 receiving to accept only echo replies This fixes a bug where we ping our own IP and the request itself bounces back to the raw receive function and is incorrectly treated as reply. (this bug was discovered when fixing ICMPv6 pings with incorrect checksums, while the ping request was dropped in icmpv6.c due to wrong checksum, but was also fed to raw layers where it was treated as "correct" response, so the PINGv6 to ourselves still worked) --- components/lwip/apps/ping/ping_sock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/lwip/apps/ping/ping_sock.c b/components/lwip/apps/ping/ping_sock.c index 28cce40ff7..fc302cfa73 100644 --- a/components/lwip/apps/ping/ping_sock.c +++ b/components/lwip/apps/ping/ping_sock.c @@ -133,7 +133,8 @@ static int esp_ping_receive(esp_ping_t *ep) if (IP_IS_V6_VAL(recv_addr)) { // Currently we process IPv6 struct ip6_hdr *iphdr = (struct ip6_hdr *)buf; struct icmp6_echo_hdr *iecho6 = (struct icmp6_echo_hdr *)(buf + sizeof(struct ip6_hdr)); // IPv6 head length is 40 - if ((iecho6->id == ep->packet_hdr->id) && (iecho6->seqno == ep->packet_hdr->seqno)) { + if ((iecho6->type == ICMP6_TYPE_EREP) // only check the ICMPv6 echo reply types + && (iecho6->id == ep->packet_hdr->id) && (iecho6->seqno == ep->packet_hdr->seqno)) { ip_addr_copy(ep->recv_addr, recv_addr); ep->received++; ep->recv_len = IP6H_PLEN(iphdr) - sizeof(struct icmp6_echo_hdr); //The data portion of ICMPv6