Error on attempts at writing martian packets

reynir · reynir · commit 800fe963f1d7 · 2026-02-24T09:54:10.000+01:00
If we try to write to a loopback address we error out. This is perhaps
not ideal, but sending IP packets with loopback addresses is not allowed
according to RFC 1122.
diff --git a/src/ipv4/routing.ml b/src/ipv4/routing.ml
@@ -36,6 +36,8 @@ module Make(Log : Logs.LOG) (A : Arp.S) = struct
           Log.info (fun f -> f "IP.output: %a" A.pp_error e);
           Error `Local
       end
+    |ip when Ipaddr.V4.Prefix.mem ip Ipaddr.V4.Prefix.loopback -> (* Loopback *)
+      Lwt.return (Error `Loopback)
     |ip -> (* Gateway *)
       match gateway with
       | None ->
diff --git a/src/ipv4/static_ipv4.ml b/src/ipv4/static_ipv4.ml
@@ -50,6 +50,9 @@ module Make (Ethernet: Ethernet.S) (Arpv4 : Arp.S) = struct
     | Error `Local ->
       Log.warn (fun f -> f "Could not find %a on the local network" Ipaddr.V4.pp dst);
       Lwt.return @@ Error (`No_route "no response for IP on local network")
+    | Error `Loopback ->
+      Log.warn (fun f -> f "Write to loopback %a dropped" Ipaddr.V4.pp dst);
+      Lwt.return @@ Error (`No_route "Loopback address")
     | Error `Gateway when t.gateway = None ->
       Log.warn (fun f -> f "Write to %a would require an external route, which was not provided" Ipaddr.V4.pp dst);
       Lwt.return @@ Ok ()
