* [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames
@ 2016-08-06 15:04 Sven Eckelmann
  2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Sven Eckelmann @ 2016-08-06 15:04 UTC (permalink / raw)
  To: b.a.t.m.a.n

The routing checks are validating the source mac address of the outer
ethernet header. They reject every source mac address which is a broadcast
address. But they also have to reject any multicast mac addresses.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v3:
 - Fix patch subject
v2:
 - clarify in commit message that only the outer ethernet header is
   affected
   (thanks Linus)
 - split in patch 1/2
 - Allow zero mac address as source address in outer header as requested by
   Linus
---
 net/batman-adv/routing.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 610f2c4..913ab51 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -357,8 +357,8 @@ int batadv_recv_icmp_packet(struct sk_buff *skb,
 	if (is_broadcast_ether_addr(ethhdr->h_dest))
 		goto out;
 
-	/* packet with broadcast sender address */
-	if (is_broadcast_ether_addr(ethhdr->h_source))
+	/* packet with broadcast/multicast sender address */
+	if (is_multicast_ether_addr(ethhdr->h_source))
 		goto out;
 
 	/* not for me */
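Review bot: The new comment on the h_source check in batadv_recv_icmp_packet() says "broadcast/multicast sender address" but does not record that a zero source address is still accepted on purpose. The v2 changelog says the zero MAC is allowed as outer source at Linus' request, and that note sits below the "---" so it will not reach the commit history; a short clause in the commit message or in the comment would keep a later reader from replacing this test with !is_valid_ether_addr(). The switch itself is sound, since is_multicast_ether_addr() is also true for the broadcast address.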
@@ -449,8 +449,8 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
 	if (is_broadcast_ether_addr(ethhdr->h_dest))
 		return -EBADR;
 
-	/* packet with broadcast sender address */
-	if (is_broadcast_ether_addr(ethhdr->h_source))
+	/* packet with broadcast/multicast sender address */
+	if (is_multicast_ether_addr(ethhdr->h_source))
 		return -EBADR;
 
 	/* not for me */
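Review bot: The source test "if (is_multicast_ether_addr(ethhdr->h_source))" in batadv_check_unicast_packet() is the same two-line check this patch also edits in the ICMP and broadcast receive paths. Consider one small shared helper for outer-header source validation so the three paths cannot drift apart the next time the accepted address classes change.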
@@ -1091,8 +1091,8 @@ int batadv_recv_bcast_packet(struct sk_buff *skb,
 	if (!is_broadcast_ether_addr(ethhdr->h_dest))
 		goto out;
 
-	/* packet with broadcast sender address */
-	if (is_broadcast_ether_addr(ethhdr->h_source))
+	/* packet with broadcast/multicast sender address */
+	if (is_multicast_ether_addr(ethhdr->h_source))
 		goto out;
 
 	/* ignore broadcasts sent by myself */
-- 
2.8.1



* [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames
  2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
@ 2016-08-06 15:04 ` Sven Eckelmann
  2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address Sven Eckelmann
  2016-10-24 10:10 ` [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Simon Wunderlich
  2 siblings, 0 replies; 4+ messages in thread
From: Sven Eckelmann @ 2016-08-06 15:04 UTC (permalink / raw)
  To: b.a.t.m.a.n

The routing check for management frames is validating the source mac
address in the outer ethernet header. It rejects every source mac address
which is a broadcast address. But it also has to reject the zero-mac
address and multicast mac addresses.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v3:
 - Fix patch subject
v2:
 - clarify in commit message that only the outer ethernet header is
   affected
   (thanks Linus)
 - split in patch 1/2
---
 net/batman-adv/routing.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 913ab51..e2b91e6 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -196,8 +196,8 @@ bool batadv_check_management_packet(struct sk_buff *skb,
 	if (!is_broadcast_ether_addr(ethhdr->h_dest))
 		return false;
 
-	/* packet with broadcast sender address */
-	if (is_broadcast_ether_addr(ethhdr->h_source))
+	/* packet with invalid sender address */
+	if (!is_valid_ether_addr(ethhdr->h_source))
 		return false;
 
 	/* create a copy of the skb, if needed, to modify it. */
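Review bot: The comment "packet with invalid sender address" on the h_source check in batadv_check_management_packet() hides which address classes are dropped. !is_valid_ether_addr() rejects zero and multicast (including broadcast) sources, while patch 1/3 keeps accepting a zero source on the data paths; naming the classes in the comment, and saying in the commit message why management frames are stricter than data frames, would make the difference read as deliberate.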
-- 
2.8.1



* [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address
  2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
  2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
@ 2016-08-06 15:04 ` Sven Eckelmann
  2016-10-24 10:10 ` [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Simon Wunderlich
  2 siblings, 0 replies; 4+ messages in thread
From: Sven Eckelmann @ 2016-08-06 15:04 UTC (permalink / raw)
  To: b.a.t.m.a.n

A unicast batman-adv packet cannot be transmitted to a multicast or zero
mac address. So reject incoming packets which still have these classes of
addresses as destination mac address in the outer ethernet header.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v3:
 - Fix patch subject
v2:
 - clarify in commit message that only the outer ethernet header is
   affected
   (thanks Linus)
---
 net/batman-adv/routing.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index e2b91e6..65f405b 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -353,8 +353,8 @@ int batadv_recv_icmp_packet(struct sk_buff *skb,
 
 	ethhdr = eth_hdr(skb);
 
-	/* packet with unicast indication but broadcast recipient */
-	if (is_broadcast_ether_addr(ethhdr->h_dest))
+	/* packet with unicast indication but non-unicast recipient */
+	if (!is_valid_ether_addr(ethhdr->h_dest))
 		goto out;
 
 	/* packet with broadcast/multicast sender address */
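Review bot: The comment "non-unicast recipient" on the h_dest check in batadv_recv_icmp_packet() undersells what !is_valid_ether_addr() does, because it also drops the all-zero address, which is not a multicast address. Wording such as "zero or multicast recipient" would match the commit message, and the same applies to the identical comment in the batadv_check_unicast_packet() hunk.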
@@ -445,8 +445,8 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
 
 	ethhdr = eth_hdr(skb);
 
-	/* packet with unicast indication but broadcast recipient */
-	if (is_broadcast_ether_addr(ethhdr->h_dest))
+	/* packet with unicast indication but non-unicast recipient */
+	if (!is_valid_ether_addr(ethhdr->h_dest))
 		return -EBADR;
 
 	/* packet with broadcast/multicast sender address */
-- 
2.8.1



* Re: [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames
  2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
  2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
  2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address Sven Eckelmann
@ 2016-10-24 10:10 ` Simon Wunderlich
  2 siblings, 0 replies; 4+ messages in thread
From: Simon Wunderlich @ 2016-10-24 10:10 UTC (permalink / raw)
  To: b.a.t.m.a.n


On Saturday, August 6, 2016 5:04:21 PM CEST Sven Eckelmann wrote:
> The routing checks are validating the source mac address of the outer
> ethernet header. They reject every source mac address which is a broadcast
> address. But they also have to reject any multicast mac addresses.
> 
> Signed-off-by: Sven Eckelmann <sven@narfation.org>

Applied this series in 3868d9b..bca103c.

Thanks,
     Simon
