Merge "Drop egress multicast on clat interface" into main

commit: 8fa6e76f2dd97f57f6ee2157621f08b8e7f5c590 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Thu Feb 27 14:58:53 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Feb 27 14:58:53 2025 -0800
tree: fbe11fb4e846525fcdaec019ff84b3bbd9caebc0
parent: ff4050825a5d990f8a39515d6b5c7b630baa807a [diff]
parent: bb08d8083e7ccd9a71de6ca2592a4fb355e0c602 [diff]
diff --git a/bpf/progs/clatd.c b/bpf/progs/clatd.c
index 2d4551e..2bb9d6f 100644
--- a/bpf/progs/clatd.c
+++ b/bpf/progs/clatd.c

@@ -288,6 +288,9 @@
     // We cannot handle IP options, just standard 20 byte == 5 dword minimal IPv4 header
     if (ip4->ihl != 5) return TC_ACT_PIPE;
 
+    // Packet must not be multicast
+    if ((ip4->daddr & 0xf0000000) == 0xe0000000) return TC_ACT_PIPE;
+
     // Calculate the IPv4 one's complement checksum of the IPv4 header.
     __wsum sum4 = 0;
     for (unsigned i = 0; i < sizeof(*ip4) / sizeof(__u16); ++i) {

diff --git a/clatd/ipv4.c b/clatd/ipv4.c
index 2be02e3..81bf87b 100644
--- a/clatd/ipv4.c
+++ b/clatd/ipv4.c

@@ -85,6 +85,11 @@
     return 0;
   }
 
+  if ((header->daddr & 0xf0000000) == 0xe0000000) {
+    logmsg_dbg(ANDROID_LOG_INFO, "ip_packet/daddr is multicast: %x", header->daddr);
+    return 0;
+  }
+
   /* rfc6145 - If any IPv4 options are present in the IPv4 packet, they MUST be
    * ignored and the packet translated normally; there is no attempt to
    * translate the options.
commit	8fa6e76f2dd97f57f6ee2157621f08b8e7f5c590	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Thu Feb 27 14:58:53 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Feb 27 14:58:53 2025 -0800
tree	fbe11fb4e846525fcdaec019ff84b3bbd9caebc0
parent	ff4050825a5d990f8a39515d6b5c7b630baa807a [diff]
parent	bb08d8083e7ccd9a71de6ca2592a4fb355e0c602 [diff]