[B.A.T.M.A.N.] pull request: batman-adv 2013-01-27

[B.A.T.M.A.N.] pull request: batman-adv 2013-01-27

[Antonio Quartulli]

This is a small patchset intended for net/linux-3.8.
Here there are three small patches from Matthias Schiffer aimed to fix some
memory problems in the recently introduced D.A.T. component. One of them is
fixing an skb memleak, one is fixing the ARP filter routine by preventing DAT to
parse not useful messages (so reducing the amount of memory used by the local
cache) and one fixing again the ARP filter routine by preventing DAT to
overwrite correct entries with bogus ones in the local cache.

Please pull or let me know if there is any problem.

Thanks a lot,
	Antonio

The following changes since commit 1591ab6740326aaf41e194c43bdf8ece6e2e4835:

  Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless (2013-01-27 01:37:22 -0500)

are available in the git repository at:


  git://git.open-mesh.org/linux-merge.git tags/batman-adv-fix-for-davem

for you to fetch changes up to b618ad1103c9ea0c4a69b44f42fc3c7b4e231e22:

  batman-adv: filter ARP packets with invalid MAC addresses in DAT (2013-01-27 14:02:39 +0100)

----------------------------------------------------------------
Included changes ares:
- fix an skb memleak in DAT
- fix the ARP filtering routine in DAT by preventing bogus entries to overwrite
  already existing ones in the local cache.
- fix the ARP filtering routine in DAT by preventing it to parse and add to the
  cache bogus entries

----------------------------------------------------------------
Matthias Schiffer (3):
      batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()
      batman-adv: check for more types of invalid IP addresses in DAT
      batman-adv: filter ARP packets with invalid MAC addresses in DAT

 net/batman-adv/distributed-arp-table.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

[B.A.T.M.A.N.] [PATCH 1/3] batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()

[Antonio Quartulli]

From: Matthias Schiffer <mschiffer@universe-factory.net>

The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been
freed when it returns true; fix this by calling kfree_skb before returning as
it is done in batadv_dat_snoop_incoming_arp_request().

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 net/batman-adv/distributed-arp-table.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 7485a78..9f4cff3 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -1012,6 +1012,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
 	 */
 	ret = !batadv_is_my_client(bat_priv, hw_dst);
 out:
+	if (ret)
+		kfree_skb(skb);
 	/* if ret == false -> packet has to be delivered to the interface */
 	return ret;
 }
-- 
1.8.1.1

[B.A.T.M.A.N.] [PATCH 2/3] batman-adv: check for more types of invalid IP addresses in DAT

[Antonio Quartulli]

From: Matthias Schiffer <mschiffer@universe-factory.net>

There are more types of IP addresses that may appear in ARP packets that we
don't want to process. While some of these should never appear in sane ARP
packets, a 0.0.0.0 source is used for duplicate address detection and thus seen
quite often.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 net/batman-adv/distributed-arp-table.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 9f4cff3..be3be28 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -777,7 +777,9 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
 	ip_src = batadv_arp_ip_src(skb, hdr_size);
 	ip_dst = batadv_arp_ip_dst(skb, hdr_size);
 	if (ipv4_is_loopback(ip_src) || ipv4_is_multicast(ip_src) ||
-	    ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst))
+	    ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst) ||
+	    ipv4_is_zeronet(ip_src) || ipv4_is_lbcast(ip_src) ||
+	    ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
 		goto out;
 
 	type = ntohs(arphdr->ar_op);
-- 
1.8.1.1

[B.A.T.M.A.N.] [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC addresses in DAT

[Antonio Quartulli]

From: Matthias Schiffer <mschiffer@universe-factory.net>

We never want multicast MAC addresses in the Distributed ARP Table, so it's
best to completely ignore ARP packets containing them where we expect unicast
addresses.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 net/batman-adv/distributed-arp-table.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index be3be28..ea0bd31 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
 	struct arphdr *arphdr;
 	struct ethhdr *ethhdr;
 	__be32 ip_src, ip_dst;
+	uint8_t *hw_src, *hw_dst;
 	uint16_t type = 0;
 
 	/* pull the ethernet header */
@@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
 	    ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
 		goto out;
 
+	hw_src = batadv_arp_hw_src(skb, hdr_size);
+	if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src))
+		goto out;
+
+	/* we don't care about the destination MAC address in ARP requests */
+	if (arphdr->ar_op != htons(ARPOP_REQUEST)) {
+		hw_dst = batadv_arp_hw_dst(skb, hdr_size);
+		if (is_zero_ether_addr(hw_dst) ||
+		    is_multicast_ether_addr(hw_dst))
+			goto out;
+	}
+
 	type = ntohs(arphdr->ar_op);
 out:
 	return type;
-- 
1.8.1.1

Re: [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27

[David Miller]

From: Antonio Quartulli <ordex@autistici.org>
Date: Sun, 27 Jan 2013 20:43:56 +0100

> This is a small patchset intended for net/linux-3.8.
> Here there are three small patches from Matthias Schiffer aimed to fix some
> memory problems in the recently introduced D.A.T. component. One of them is
> fixing an skb memleak, one is fixing the ARP filter routine by preventing DAT to
> parse not useful messages (so reducing the amount of memory used by the local
> cache) and one fixing again the ARP filter routine by preventing DAT to
> overwrite correct entries with bogus ones in the local cache.
> 
> Please pull or let me know if there is any problem.

Pulled, thanks Antonio.