From 55e4a16241fff0e02711f3c5d02eb72383369d7f Mon Sep 17 00:00:00 2001 From: Marek Lindner Date: Sun, 27 Jan 2013 00:41:37 +0000 Subject: [PATCH] batman-adv: distributed arp table fixes Signed-off-by: Marek Lindner git-svn-id: svn://svn.openwrt.org/openwrt/packages/net/batman-adv@35324 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- Makefile | 2 +- ...kb-leak-in-batadv_dat_snoop_incoming.patch | 33 ++++++++++++ ...-for-more-types-of-invalid-IP-addres.patch | 36 +++++++++++++ ...r-ARP-packets-with-invalid-MAC-addre.patch | 51 +++++++++++++++++++ 4 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch create mode 100644 patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch create mode 100644 patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch diff --git a/Makefile b/Makefile index 0c57716..6aa2c13 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ PKG_NAME:=batman-adv PKG_VERSION:=2013.0.0 BATCTL_VERSION:=2013.0.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_MD5SUM:=37f4aa02f393daad3d87cead2bc28ed9 BATCTL_MD5SUM:=6ea4bcd8a9332d586bb06b5063f882cd diff --git a/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch b/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch new file mode 100644 index 0000000..a6829f4 --- /dev/null +++ b/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch @@ -0,0 +1,33 @@ +From 977d8c6f9253ad71e4bd8e4be2705c3bee684feb Mon Sep 17 00:00:00 2001 +From: Matthias Schiffer +Date: Wed, 23 Jan 2013 18:11:53 +0100 +Subject: [PATCH 1/3] batman-adv: fix skb leak in + batadv_dat_snoop_incoming_arp_reply() + +The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been +freed when it returns true; fix this by calling kfree_skb before returning as +it is done in batadv_dat_snoop_incoming_arp_request(). + +Signed-off-by: Matthias Schiffer +Signed-off-by: Marek Lindner +Acked-by: Antonio Quartulli +--- + distributed-arp-table.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index 7485a78..9f4cff3 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -1012,6 +1012,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv, + */ + ret = !batadv_is_my_client(bat_priv, hw_dst); + out: ++ if (ret) ++ kfree_skb(skb); + /* if ret == false -> packet has to be delivered to the interface */ + return ret; + } +-- +1.7.10.4 + diff --git a/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch b/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch new file mode 100644 index 0000000..ce84bac --- /dev/null +++ b/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch @@ -0,0 +1,36 @@ +From 3b24193d7cfc18f0cc005811ca4aab3479c2f1c6 Mon Sep 17 00:00:00 2001 +From: Matthias Schiffer +Date: Thu, 24 Jan 2013 18:18:26 +0100 +Subject: [PATCH 2/3] batman-adv: check for more types of invalid IP addresses + in DAT + +There are more types of IP addresses that may appear in ARP packets that we +don't want to process. While some of these should never appear in sane ARP +packets, a 0.0.0.0 source is used for duplicate address detection and thus seen +quite often. + +Signed-off-by: Matthias Schiffer +Acked-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + distributed-arp-table.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index 9f4cff3..be3be28 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -777,7 +777,9 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, + ip_src = batadv_arp_ip_src(skb, hdr_size); + ip_dst = batadv_arp_ip_dst(skb, hdr_size); + if (ipv4_is_loopback(ip_src) || ipv4_is_multicast(ip_src) || +- ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst)) ++ ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst) || ++ ipv4_is_zeronet(ip_src) || ipv4_is_lbcast(ip_src) || ++ ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst)) + goto out; + + type = ntohs(arphdr->ar_op); +-- +1.7.10.4 + diff --git a/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch b/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch new file mode 100644 index 0000000..bba3804 --- /dev/null +++ b/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch @@ -0,0 +1,51 @@ +From ab361a9ccc584e7501c06bfe1c00cb0411feebaf Mon Sep 17 00:00:00 2001 +From: Matthias Schiffer +Date: Thu, 24 Jan 2013 18:18:27 +0100 +Subject: [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC + addresses in DAT + +We never want multicast MAC addresses in the Distributed ARP Table, so it's +best to completely ignore ARP packets containing them where we expect unicast +addresses. + +Signed-off-by: Matthias Schiffer +Acked-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + distributed-arp-table.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/distributed-arp-table.c b/distributed-arp-table.c +index be3be28..ea0bd31 100644 +--- a/distributed-arp-table.c ++++ b/distributed-arp-table.c +@@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, + struct arphdr *arphdr; + struct ethhdr *ethhdr; + __be32 ip_src, ip_dst; ++ uint8_t *hw_src, *hw_dst; + uint16_t type = 0; + + /* pull the ethernet header */ +@@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, + ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst)) + goto out; + ++ hw_src = batadv_arp_hw_src(skb, hdr_size); ++ if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src)) ++ goto out; ++ ++ /* we don't care about the destination MAC address in ARP requests */ ++ if (arphdr->ar_op != htons(ARPOP_REQUEST)) { ++ hw_dst = batadv_arp_hw_dst(skb, hdr_size); ++ if (is_zero_ether_addr(hw_dst) || ++ is_multicast_ether_addr(hw_dst)) ++ goto out; ++ } ++ + type = ntohs(arphdr->ar_op); + out: + return type; +-- +1.7.10.4 + -- GitLab