* [B.A.T.M.A.N.] [PATCHv2 3/7] batman-adv: prevent duplication of ARP replies when DAT is used
@ 2016-02-26 13:18 Andreas Pape
2016-02-26 16:03 ` Sven Eckelmann
2016-03-10 15:07 ` Simon Wunderlich
0 siblings, 2 replies; 3+ messages in thread
From: Andreas Pape @ 2016-02-26 13:18 UTC (permalink / raw)
To: b.a.t.m.a.n
If none of the backbone gateways in a bla setup has already knowledge of
the mac address searched for in an incoming ARP request from the backbone
it must be prevented that multiple ARP replies are generated and returned
to the backbone by the dat address resolution mechanism of other dat
enabled nodes of the mesh.
Signed-off-by: Andreas Pape <apape@phoenixcontact.com>
---
net/batman-adv/distributed-arp-table.c | 65 +++++++++++++++++++++++++++++++-
1 files changed, 64 insertions(+), 1 deletions(-)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 0f899b9..f60fccb 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -1081,6 +1081,8 @@ bool batadv_dat_snoop_incoming_arp_request(struct batadv_priv *bat_priv,
u8 *hw_src;
struct sk_buff *skb_new;
struct batadv_dat_entry *dat_entry = NULL;
+ struct batadv_unicast_4addr_packet *unicast_4addr_packet;
+ struct batadv_orig_node *orig_node = NULL;
bool ret = false;
unsigned short vid;
int err;
@@ -1104,8 +1106,38 @@ bool batadv_dat_snoop_incoming_arp_request(struct batadv_priv *bat_priv,
batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid);
dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_dst, vid);
- if (!dat_entry)
+ if (!dat_entry) {
+ /* Check if this is a 4addr unicast DAT_DHT_GET frame from
+ * another backbone gw of the same backbone. If yes, drop
+ * it as this leads to multiplication of arp requests in bla
+ * setups as long as there is no dat_entry fo this answer.
+ * In this case better drop the DHT_GET. Normal bla code
+ * doesn't take care of these packets as they are tunneled
+ * via unicast.
+ */
+ unicast_4addr_packet =
+ (struct batadv_unicast_4addr_packet *)skb->data;
+ orig_node =
+ batadv_orig_hash_find(bat_priv,
+ unicast_4addr_packet->src);
+ if (orig_node) {
+ if ((unicast_4addr_packet->u.packet_type ==
+ BATADV_UNICAST_4ADDR) &&
+ (unicast_4addr_packet->subtype ==
+ BATADV_P_DAT_DHT_GET) &&
+ (batadv_bla_is_backbone_gw(skb, orig_node,
+ hdr_size))) {
+ batadv_dbg(BATADV_DBG_DAT, bat_priv, "Doubled ARP request removed: ARP MSG = [src: %pM-%pI4 dst: %pM-%pI4]; originator: %pM\n",
+ hw_src, &ip_src,
+ batadv_arp_hw_dst(skb, hdr_size),
+ &ip_dst, unicast_4addr_packet->src);
+ ret = true;
+ }
+ batadv_orig_node_put(orig_node);
+ }
+
goto out;
+ }
skb_new = arp_create(ARPOP_REPLY, ETH_P_ARP, ip_src,
bat_priv->soft_iface, ip_dst, hw_src,
@@ -1204,6 +1236,7 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
__be32 ip_src, ip_dst;
u8 *hw_src, *hw_dst;
bool dropped = false;
+ struct batadv_dat_entry *dat_entry = NULL;
unsigned short vid;
if (!atomic_read(&bat_priv->distributed_arp_table))
@@ -1223,12 +1256,40 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
hw_dst = batadv_arp_hw_dst(skb, hdr_size);
ip_dst = batadv_arp_ip_dst(skb, hdr_size);
+ /* If ip_dst is already in cache and has the right mac address,
+ * drop this frame if this ARP reply is destined for us. We have
+ * most probably received already a reply from someone else. Delivering
+ * this frame would lead to doubled receive of an ARP reply.
+ */
+ dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_src, vid);
+ if ((dat_entry) && (batadv_compare_eth(hw_src, dat_entry->mac_addr))) {
+ batadv_dbg(BATADV_DBG_DAT, bat_priv, "Doubled ARP reply removed: ARP MSG = [src: %pM-%pI4 dst: %pM-%pI4]; dat_entry: %pM-%pI4\n",
+ hw_src, &ip_src, hw_dst, &ip_dst,
+ dat_entry->mac_addr, &dat_entry->ip);
+ dropped = true;
+ goto out;
+ }
+
/* Update our internal cache with both the IP addresses the node got
* within the ARP reply
*/
batadv_dat_entry_add(bat_priv, ip_src, hw_src, vid);
batadv_dat_entry_add(bat_priv, ip_dst, hw_dst, vid);
+ /* If BLA is enabled, only forward ARP replies if we have claimed the
+ * source of the ARP reply or if no one else of the same backbone has
+ * already claimed that client. This prevents that different gateways
+ * to the same backbone all forward the ARP reply leading to multiple
+ * replies in the backbone.
+ */
+ if (!batadv_bla_handle_local_claim(bat_priv, hw_src, vid)) {
+ batadv_dbg(BATADV_DBG_DAT, bat_priv,
+ "Device %pM claimed by another backbone gw. Drop ARP reply.\n",
+ hw_src);
+ dropped = true;
+ goto out;
+ }
+
/* if this REPLY is directed to a client of mine, let's deliver the
* packet to the interface
*/
@@ -1241,6 +1302,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
out:
if (dropped)
kfree_skb(skb);
+ if (dat_entry)
+ batadv_dat_entry_put(dat_entry);
/* if dropped == false -> deliver to the interface */
return dropped;
}
--
1.7.0.4
..................................................................
PHOENIX CONTACT ELECTRONICS GmbH
Sitz der Gesellschaft / registered office of the company: 31812 Bad Pyrmont
USt-Id-Nr.: DE811742156
Amtsgericht Hannover HRB 100528 / district court Hannover HRB 100528
Geschäftsführer / Executive Board: Roland Bent, Dr. Martin Heubeck
___________________________________________________________________
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren, jegliche anderweitige Verwendung sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
----------------------------------------------------------------------------------------------------
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure, distribution or other use of the material or parts thereof is strictly forbidden.
___________________________________________________________________
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCHv2 3/7] batman-adv: prevent duplication of ARP replies when DAT is used
2016-02-26 13:18 [B.A.T.M.A.N.] [PATCHv2 3/7] batman-adv: prevent duplication of ARP replies when DAT is used Andreas Pape
@ 2016-02-26 16:03 ` Sven Eckelmann
2016-03-10 15:07 ` Simon Wunderlich
1 sibling, 0 replies; 3+ messages in thread
From: Sven Eckelmann @ 2016-02-26 16:03 UTC (permalink / raw)
To: b.a.t.m.a.n
[-- Attachment #1: Type: text/plain, Size: 1484 bytes --]
On Friday 26 February 2016 14:18:39 Andreas Pape wrote:
> dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_dst, vid);
> - if (!dat_entry)
> + if (!dat_entry) {
> + /* Check if this is a 4addr unicast DAT_DHT_GET frame from
> + * another backbone gw of the same backbone. If yes, drop
> + * it as this leads to multiplication of arp requests in bla
> + * setups as long as there is no dat_entry fo this answer.
> + * In this case better drop the DHT_GET. Normal bla code
> + * doesn't take care of these packets as they are tunneled
> + * via unicast.
> + */
> + unicast_4addr_packet =
> + (struct batadv_unicast_4addr_packet *)skb->data;
> + orig_node =
> + batadv_orig_hash_find(bat_priv,
> + unicast_4addr_packet->src);
> + if (orig_node) {
> + if ((unicast_4addr_packet->u.packet_type ==
> + BATADV_UNICAST_4ADDR) &&
> + (unicast_4addr_packet->subtype ==
> + BATADV_P_DAT_DHT_GET) &&
> + (batadv_bla_is_backbone_gw(skb, orig_node,
> + hdr_size))) {
> + batadv_dbg(BATADV_DBG_DAT, bat_priv, "Doubled ARP request removed: ARP MSG = [src: %pM-%pI4 dst: %pM-%pI4]; originator: %pM\n",
> + hw_src, &ip_src,
> + batadv_arp_hw_dst(skb, hdr_size),
> + &ip_dst, unicast_4addr_packet->src);
> + ret = true;
> + }
> + batadv_orig_node_put(orig_node);
> + }
> +
> goto out;
> + }
This looks really squashed. Maybe this stuff can be moved in a separate
function.
Kind regards,
Sven
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCHv2 3/7] batman-adv: prevent duplication of ARP replies when DAT is used
2016-02-26 13:18 [B.A.T.M.A.N.] [PATCHv2 3/7] batman-adv: prevent duplication of ARP replies when DAT is used Andreas Pape
2016-02-26 16:03 ` Sven Eckelmann
@ 2016-03-10 15:07 ` Simon Wunderlich
1 sibling, 0 replies; 3+ messages in thread
From: Simon Wunderlich @ 2016-03-10 15:07 UTC (permalink / raw)
To: b.a.t.m.a.n
[-- Attachment #1: Type: text/plain, Size: 592 bytes --]
On Friday 26 February 2016 14:18:39 Andreas Pape wrote:
> If none of the backbone gateways in a bla setup has already knowledge of
> the mac address searched for in an incoming ARP request from the backbone
> it must be prevented that multiple ARP replies are generated and returned
> to the backbone by the dat address resolution mechanism of other dat
> enabled nodes of the mesh.
Isn't this patch somewhat redundant due to the change in patch 4? In that
patch we already drop unicast packets, and this patch just adds a check for a
more specific unicast subtype ...?
Thanks,
Simon
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-03-10 15:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-26 13:18 [B.A.T.M.A.N.] [PATCHv2 3/7] batman-adv: prevent duplication of ARP replies when DAT is used Andreas Pape
2016-02-26 16:03 ` Sven Eckelmann
2016-03-10 15:07 ` Simon Wunderlich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.