Discard packets with non-unicast source addresses at IP level.

This is required by RFC 1122 and helps avoid "broadcast storms".

src/iface/ethernet.rs

@@ -193,7 +193,12 @@ impl<'a, 'b, 'c, DeviceT: Device + 'a> Interface<'a, 'b, 'c, DeviceT> {
         let ipv4_packet = Ipv4Packet::new_checked(eth_frame.payload())?;
         let ipv4_repr = Ipv4Repr::parse(&ipv4_packet)?;
 
-        if ipv4_repr.src_addr.is_unicast() && eth_frame.src_addr().is_unicast() {
+        if ipv4_repr.src_addr.is_unicast() {
+            // Discard packets with non-unicast source addresses.
+            return Err(Error::Malformed)
+        }
+
+        if eth_frame.src_addr().is_unicast() {
             // Fill the ARP cache from IP header of unicast frames.
             self.arp_cache.fill(&IpAddress::Ipv4(ipv4_repr.src_addr),
                                 &eth_frame.src_addr());