raw sockets: don't overwrite destination address

Also makes the behavior of raw sockets WRT fragmentation clearer, and makes the
ICMPv4 header-length check explicit.

Fixes #3160.

PiperOrigin-RevId: 380033450

2 files changed, 8 insertions, 4 deletions

diff --git a/pkg/tcpip/network/ipv6/icmp_test.go b/pkg/tcpip/network/ipv6/icmp_test.go
index c2e9544c1..7c2a3e56b 100644
--- a/pkg/tcpip/network/ipv6/icmp_test.go
+++ b/pkg/tcpip/network/ipv6/icmp_test.go
@@ -90,6 +90,10 @@ func (*stubDispatcher) DeliverTransportPacket(tcpip.TransportProtocolNumber, *st
 	return stack.TransportPacketHandled
 }
 
+func (*stubDispatcher) DeliverRawPacket(tcpip.TransportProtocolNumber, *stack.PacketBuffer) {
+	// No-op.
+}
+
 var _ stack.NetworkInterface = (*testInterface)(nil)
 
 type testInterface struct {
diff --git a/pkg/tcpip/network/ipv6/ipv6.go b/pkg/tcpip/network/ipv6/ipv6.go
index 8c8fafcda..f5693defe 100644
--- a/pkg/tcpip/network/ipv6/ipv6.go
+++ b/pkg/tcpip/network/ipv6/ipv6.go
@@ -928,10 +928,6 @@ func (e *endpoint) WriteHeaderIncludedPacket(r *stack.Route, pkt *stack.PacketBu
 		ipH.SetSourceAddress(r.LocalAddress())
 	}
 
-	// Set the destination. If the packet already included a destination, it will
-	// be part of the route anyways.
-	ipH.SetDestinationAddress(r.RemoteAddress())
-
 	// Populate the packet buffer's network header and don't allow an invalid
 	// packet to be sent.
 	//
@@ -1128,6 +1124,10 @@ func (e *endpoint) handleLocalPacket(pkt *stack.PacketBuffer, canSkipRXChecksum
 }
 
 func (e *endpoint) handleValidatedPacket(h header.IPv6, pkt *stack.PacketBuffer, inNICName string) {
+	// Raw socket packets are delivered based solely on the transport protocol
+	// number. We only require that the packet be valid IPv6.
+	e.dispatcher.DeliverRawPacket(h.TransportProtocol(), pkt)
+
 	pkt.NICID = e.nic.ID()
 	stats := e.stats.ip
 	stats.ValidPacketsReceived.Increment()