Manually bound sockets should only receive packets from the peer #2592
Description
If a TCP or UDP socket has its peer address set with connect(), it should only ever receive packets from that peer address.
connect(2):
If the socket sockfd is of type SOCK_DGRAM, then addr is the address to which datagrams are sent by default, and the only address from which datagrams are received.
In Shadow, a connect() after a bind() will still allow the UDP socket to receive packets from any address.
Since the UDP socket may have been bound before the connect() call (and would therefore be associated with the network interface using peer_ip=0 and peer_port=0), we can't rely on the network interface to drop packets from an incorrect peer address. We should maybe filter out these packets from within _udp_processPacket instead. Alternatively, we could disassociate from the interface and re-associate using the new peer ip/port during every connect() call. In this case we'd have to be careful that two UDP sockets don't end up with the same port. For example if two sockets are associated with an interface using different peers, and therefore have different association keys, but the bind_ip and bind_port are the same.
There may be a related issue with TCP sockets where if you bind a TCP socket, it will be associated with the network interface using peer_ip=0 and peer_port=0. Then if you later call connect(), it won't be re-associated using the new peer name, and it could receive packets from any address (not just the peer). I haven't looked into this case at all. I don't think it's an issue since applications can't generate raw packets in Shadow, but it would still be good to fix anyway.
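A regression check for the connect(2) behaviour quoted above, as an added example that is not part of the original issue or of Shadow's code: it binds a UDP socket, connects it to one peer, then sends a datagram from that peer and from a second, unrelated socket. The function names, payloads and the 200 ms timeout are assumptions chosen for illustration, and it assumes a working IPv4 loopback interface.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket bound to 127.0.0.1 on an ephemeral port; *out gets the address. */
static int bound_udp(struct sockaddr_in *out) {
    socklen_t len = sizeof *out;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)out, len) < 0 ||
        getsockname(fd, (struct sockaddr *)out, &len) < 0) { close(fd); return -1; }
    return fd;
}

/* 1: only the peer's datagram was delivered; 0: filtering failed; -1: setup error. */
int connected_udp_only_hears_peer(void) {
    struct sockaddr_in rx_addr, peer_addr, other_addr;
    struct timeval tv = {0, 200000};          /* recv() gives up after 200 ms */
    char buf[32];
    int got_peer = 0, got_other = 0, ok;
    int rx = bound_udp(&rx_addr), peer = bound_udp(&peer_addr), other = bound_udp(&other_addr);

    /* bind() came first (inside bound_udp); connect() now pins the peer. */
    ok = rx >= 0 && peer >= 0 && other >= 0 &&
         connect(rx, (struct sockaddr *)&peer_addr, sizeof peer_addr) == 0 &&
         setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) == 0 &&
         sendto(other, "stranger", 8, 0, (struct sockaddr *)&rx_addr, sizeof rx_addr) == 8 &&
         sendto(peer, "peer", 4, 0, (struct sockaddr *)&rx_addr, sizeof rx_addr) == 4;
    while (ok) {                              /* drain until the timeout fires */
        ssize_t n = recv(rx, buf, sizeof buf, 0);
        if (n < 0) break;
        if (n == 4 && memcmp(buf, "peer", 4) == 0) got_peer = 1; else got_other = 1;
    }
    if (rx >= 0) close(rx);
    if (peer >= 0) close(peer);
    if (other >= 0) close(other);
    return ok ? (got_peer && !got_other) : -1;
}

int main(void) {
    printf("only peer delivered: %d\n", connected_udp_only_hears_peer());
    return 0;
}
```

On Linux this returns 1; a result of 0 means the datagram from the non-peer socket reached the connected socket.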