On Thursday, July 6, 2017 7:02:25 AM CEST Linus Lüssing wrote:
> This patch fixes an issue in the translation table code potentially
> leading to a TT Request + Response storm. The issue may occur for nodes
> involving BLA and an inconsistent configuration of the batman-adv AP
> isolation feature. However, since the new multicast optimizations, a
> single, malformed packet may lead to a mesh-wide, persistent
> Denial-of-Service, too.
> 
> The issue occurs because nodes are currently OR-ing the TT sync flags of
> all originators announcing a specific MAC address via the
> translation table. When an intermediate node now receives a TT Request
> and wants to answer this on behave of the destination node then this
> intermediate node now responds with an altered flag field and broken
> CRC. The next OGM of the real destination will lead to a CRC mismatch
> and triggering a TT Request and Response again.
> 
> Furthermore, the OR-ing is currently never undone as long as at least
> one originator announcing the according MAC address remains, leading to
> the potential persistency of this issue.
> 
> This patch fixes this issue by storing the flags used in the CRC
> calculation on a a per TT orig entry basis to be able to respond with
> the correct, original flags in an intermediate TT Response for one
> thing. And to be able to correctly unset sync flags once all nodes
> announcing a sync flag vanish for another.
> 
> Fixes: fa614fd04692 ("batman-adv: fix tt_global_entries flags update")
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Applied in 2035bb89 with minor changes in the commit message

Thank you,
     Simon