Adds support for receiving IPv4 and IPv6 multicast groups

Adds parsing of IGMP and MLD queries. Sends IGMPv2 and MLDv1 reports on a schedule that is updated based on received IGMP/MLD queries. Sends unsolicited IGMP and MLD reports on network-up events and on add-membership socket option. Adds 2 function pointers to the network interface struct that handle adding and removing multicast MAC addresses. Adds pxSocket->u.xUDP.xMulticastTTL that can be used for both IPv4 and IPv6 Adds pxSocket->u.xUDP.xMulticastAddress that can be used for both IPv4 and IPv6 Adds socket option defines to add/drop membership as well as change the transmit TTL of multicasts. Makes all 3 multicast socket options (add/drop/ttl) work with both IPv4 and IPv6 Adds a ucMaximumHops field to NetworkBufferDescriptor_t and assigns it to the proper TTL/HopLimit value based on what packet is being sent. Adds a NetworkInterface_t * to the socket struct to keep track of which network interface(s) should receive multicasts. Adds exceptions so that we don't send multicast reports for 224.0.0.1, ff02::1, as well as anything with IPv6 multicast scope of 0 or 1 Adds defines for MLD packets like the Multicast Listener Query and Report Generates an MLD report for the solicited-node multicast addresses corresponding to all unicast IPv6 addresses Sends IGMPv2 Leave Group messages whenever the last socket subscribed to a group drops that membership. Adds ipconfigPERIODIC_MULTICAST_REPORT_INTERVAL for debug purposes when there is no IGMP/MLD querier (+3 squashed commit) Improves the SAME70 driver to handle adding/removing muticast MAC addresses Adds a Multicast ToDo list to help keep me on track.
FreeRTOS · Nov 13, 2023 · b10fbd0 · b10fbd0
1 parent 9abe2d1
commit b10fbd0
Show file tree

Hide file tree

Showing 23 changed files with 2,074 additions and 73 deletions.
diff --git a/source/FreeRTOS_DNS_Networking.c b/source/FreeRTOS_DNS_Networking.c
@@ -84,6 +84,11 @@
              * going to be '0' i.e. success. Thus, return value is discarded */
             ( void ) FreeRTOS_setsockopt( xSocket, 0, FREERTOS_SO_SNDTIMEO, &( uxWriteTimeOut_ticks ), sizeof( TickType_t ) );
             ( void ) FreeRTOS_setsockopt( xSocket, 0, FREERTOS_SO_RCVTIMEO, &( uxReadTimeOut_ticks ), sizeof( TickType_t ) );
+            #if ( ipconfigSUPPORT_IP_MULTICAST != 0 )
+                /* Since this socket may be used for LLMNR or mDNS, set the multicast TTL to 1. */
+                uint8_t ucMulticastTTL = 1;
+                ( void ) FreeRTOS_setsockopt( xSocket, 0, FREERTOS_SO_IP_MULTICAST_TTL, &( ucMulticastTTL ), sizeof( ucMulticastTTL ) );
+            #endif
         }
 
         return xSocket;

diff --git a/source/FreeRTOS_DNS_Parser.c b/source/FreeRTOS_DNS_Parser.c
@@ -936,6 +936,26 @@
                     }
 
                     xUDPPacket_IPv6->xUDPHeader.usLength = FreeRTOS_htons( ( uint16_t ) lNetLength + ipSIZE_OF_UDP_HEADER );
+
+                    if( xUDPPacket_IPv6->xUDPHeader.usDestinationPort == FreeRTOS_ntohs( ipMDNS_PORT ) )
+                    {
+                        /* RFC6762, section 11 */
+                        xUDPPacket_IPv6->xIPHeader.ucHopLimit = 255U;
+                    }
+                    else if( xUDPPacket_IPv6->xUDPHeader.usDestinationPort == FreeRTOS_ntohs( ipLLMNR_PORT ) )
+                    {
+                        /* LLMNR: RFC4795 section 2.5 recommends UDP requests and responses use TTL of 255 */
+
+                        /* Theoretically, LLMNR replies can go "off-link" and create a DDoS scenario. That should be preventable
+                         * by settings our rely's TTL/HopLimit to 1. Please note that in certain situations ( I think unicast
+                         * responses), Wireshark flags some LLMNR packets that have TTL of 1 as too low. */
+                        xUDPPacket_IPv6->xIPHeader.ucHopLimit = 1U;
+                    }
+                    else
+                    {
+                        xUDPPacket_IPv6->xIPHeader.ucHopLimit = ipconfigUDP_TIME_TO_LIVE;
+                    }
+
                     vFlip_16( pxUDPHeader->usSourcePort, pxUDPHeader->usDestinationPort );
                     uxDataLength = ( size_t ) lNetLength + ipSIZE_OF_IPv6_HEADER + ipSIZE_OF_UDP_HEADER + ipSIZE_OF_ETH_HEADER;
                 }
@@ -951,8 +971,18 @@
                 /* HT:endian: should not be translated, copying from packet to packet */
                 if( pxIPHeader->ulDestinationIPAddress == ipMDNS_IP_ADDRESS )
                 {
+                    /* RFC6762, section 11 */
                     pxIPHeader->ucTimeToLive = ipMDNS_TIME_TO_LIVE;
                 }
+                else if( pxUDPHeader->usDestinationPort == FreeRTOS_ntohs( ipLLMNR_PORT ) )
+                {
+                    /* LLMNR: RFC4795 section 2.5 recommends UDP requests and responses use TTL of 255 */
+
+                    /* Theoretically, LLMNR replies can go "off-link" and create a DDoS scenario. That should be preventable
+                     * by settings our rely's TTL/HopLimit to 1. Please note that in certain situations ( I think unicast
+                     * responses), Wireshark flags some LLMNR packets that have TTL of 1 as too low. */
+                    pxIPHeader->ucTimeToLive = 1;
+                }
                 else
                 {
                     pxIPHeader->ulDestinationIPAddress = pxIPHeader->ulSourceIPAddress;