* [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply()
2013-01-27 19:43 [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27 Antonio Quartulli
@ 2013-01-27 19:43 ` Antonio Quartulli
2013-01-27 19:43 ` [B.A.T.M.A.N.] [PATCH 2/3] batman-adv: check for more types of invalid IP addresses in DAT Antonio Quartulli
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Antonio Quartulli @ 2013-01-27 19:43 UTC
To: davem; +Cc: netdev, b.a.t.m.a.n, Marek Lindner
From: Matthias Schiffer <mschiffer@universe-factory.net>
The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been
freed when it returns true; fix this by calling kfree_skb before returning as
it is done in batadv_dat_snoop_incoming_arp_request().
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
net/batman-adv/distributed-arp-table.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 7485a78..9f4cff3 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -1012,6 +1012,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv,
*/
ret = !batadv_is_my_client(bat_priv, hw_dst);
out:
+ if (ret)
+ kfree_skb(skb);
/* if ret == false -> packet has to be delivered to the interface */
return ret;
}
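Review bot: the kfree_skb(skb) added under the out: label makes a true return mean the skb has been consumed, but the only comment at that label still describes just the ret == false case. Please document the ownership rule next to the free (or in the function's header comment), for example "if ret == true -> skb has been freed, caller must not touch it", so that a later caller neither dereferences the skb after a true return nor frees it a second time. Since every path that reaches out: with ret set now frees the skb, it is also worth confirming that none of the earlier branches has already handed the skb off before jumping to the label; that part of the function is not visible in this hunk.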
--
1.8.1.1
* [B.A.T.M.A.N.] [PATCH 2/3] batman-adv: check for more types of invalid IP addresses in DAT
2013-01-27 19:43 [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27 Antonio Quartulli
2013-01-27 19:43 ` [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply() Antonio Quartulli
@ 2013-01-27 19:43 ` Antonio Quartulli
2013-01-27 19:43 ` [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC " Antonio Quartulli
2013-01-28 0:11 ` [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27 David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Antonio Quartulli @ 2013-01-27 19:43 UTC
To: davem; +Cc: netdev, b.a.t.m.a.n, Marek Lindner
From: Matthias Schiffer <mschiffer@universe-factory.net>
There are more types of IP addresses that may appear in ARP packets that we
don't want to process. While some of these should never appear in sane ARP
packets, a 0.0.0.0 source is used for duplicate address detection and thus seen
quite often.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
net/batman-adv/distributed-arp-table.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 9f4cff3..be3be28 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -777,7 +777,9 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
ip_src = batadv_arp_ip_src(skb, hdr_size);
ip_dst = batadv_arp_ip_dst(skb, hdr_size);
if (ipv4_is_loopback(ip_src) || ipv4_is_multicast(ip_src) ||
- ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst))
+ ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst) ||
+ ipv4_is_zeronet(ip_src) || ipv4_is_lbcast(ip_src) ||
+ ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
goto out;
type = ntohs(arphdr->ar_op);
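Review bot: the condition ahead of "goto out" now chains eight address tests with no comment saying why each class is rejected; the reason for the zeronet case (a 0.0.0.0 source used for duplicate address detection) appears only in the commit message. A short comment above the if would help, and folding the four tests into one small helper applied once to ip_src and once to ip_dst would keep the two sides from drifting apart in later edits. Also note that ipv4_is_lbcast() matches only the limited broadcast address 255.255.255.255, so subnet-directed broadcast addresses still pass this filter; if that is intended, say so in the comment.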
--
1.8.1.1
* [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC addresses in DAT
2013-01-27 19:43 [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27 Antonio Quartulli
2013-01-27 19:43 ` [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply() Antonio Quartulli
2013-01-27 19:43 ` [B.A.T.M.A.N.] [PATCH 2/3] batman-adv: check for more types of invalid IP addresses in DAT Antonio Quartulli
@ 2013-01-27 19:43 ` Antonio Quartulli
2013-01-28 0:11 ` [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27 David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Antonio Quartulli @ 2013-01-27 19:43 UTC
To: davem; +Cc: netdev, b.a.t.m.a.n, Marek Lindner
From: Matthias Schiffer <mschiffer@universe-factory.net>
We never want multicast MAC addresses in the Distributed ARP Table, so it's
best to completely ignore ARP packets containing them where we expect unicast
addresses.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
net/batman-adv/distributed-arp-table.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index be3be28..ea0bd31 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
struct arphdr *arphdr;
struct ethhdr *ethhdr;
__be32 ip_src, ip_dst;
+ uint8_t *hw_src, *hw_dst;
uint16_t type = 0;
/* pull the ethernet header */
@@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
goto out;
+ hw_src = batadv_arp_hw_src(skb, hdr_size);
+ if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src))
+ goto out;
+
+ /* we don't care about the destination MAC address in ARP requests */
+ if (arphdr->ar_op != htons(ARPOP_REQUEST)) {
+ hw_dst = batadv_arp_hw_dst(skb, hdr_size);
+ if (is_zero_ether_addr(hw_dst) ||
+ is_multicast_ether_addr(hw_dst))
+ goto out;
+ }
+
type = ntohs(arphdr->ar_op);
out:
return type;
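Review bot: in the block guarded by "if (arphdr->ar_op != htons(ARPOP_REQUEST))", any non-request packet whose hw_dst is all-zero or has the multicast bit set is now ignored with type 0, and that includes the broadcast address, for which is_multicast_ether_addr() is also true. Some hosts send gratuitous ARP replies with a broadcast or zero target hardware address, so please confirm that ignoring those for DAT is intended and say so in the comment above the check. The existing comment explains why requests skip the hw_dst test; a matching one-line comment on the hw_src test, stating that only unicast, non-zero senders are accepted, would make the filter self-explanatory without the commit message.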
--
1.8.1.1
* Re: [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27
2013-01-27 19:43 [B.A.T.M.A.N.] pull request: batman-adv 2013-01-27 Antonio Quartulli
` (2 preceding siblings ...)
2013-01-27 19:43 ` [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC " Antonio Quartulli
@ 2013-01-28 0:11 ` David Miller
3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2013-01-28 0:11 UTC
To: ordex; +Cc: netdev, b.a.t.m.a.n
From: Antonio Quartulli <ordex@autistici.org>
Date: Sun, 27 Jan 2013 20:43:56 +0100
> This is a small patchset intended for net/linux-3.8.
> Here there are three small patches from Matthias Schiffer aimed to fix some
> memory problems in the recently introduced D.A.T. component. One of them is
> fixing an skb memleak, one is fixing the ARP filter routine by preventing DAT to
> parse not useful messages (so reducing the amount of memory used by the local
> cache) and one fixing again the ARP filter routine by preventing DAT to
> overwrite correct entries with bogus ones in the local cache.
>
> Please pull or let me know if there is any problem.
Pulled, thanks Antonio.