* [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames
@ 2016-08-06 15:04 Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Sven Eckelmann @ 2016-08-06 15:04 UTC (permalink / raw)
To: b.a.t.m.a.n
The routing checks are validating the source mac address of the outer
ethernet header. They reject every source mac address which is a broadcast
address. But they also have to reject and multicast mac addresses.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v3:
- Fix patch subject
v2:
- clarify in commit message that only the outer ethernet header is
affected
(thanks Linus)
- split in patch 1/2
- Allow zero mac address as source address in outer header as requested by
Linus
---
net/batman-adv/routing.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 610f2c4..913ab51 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -357,8 +357,8 @@ int batadv_recv_icmp_packet(struct sk_buff *skb,
if (is_broadcast_ether_addr(ethhdr->h_dest))
goto out;
- /* packet with broadcast sender address */
- if (is_broadcast_ether_addr(ethhdr->h_source))
+ /* packet with broadcast/multicast sender address */
+ if (is_multicast_ether_addr(ethhdr->h_source))
goto out;
/* not for me */
@@ -449,8 +449,8 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
if (is_broadcast_ether_addr(ethhdr->h_dest))
return -EBADR;
- /* packet with broadcast sender address */
- if (is_broadcast_ether_addr(ethhdr->h_source))
+ /* packet with broadcast/multicast sender address */
+ if (is_multicast_ether_addr(ethhdr->h_source))
return -EBADR;
/* not for me */
@@ -1091,8 +1091,8 @@ int batadv_recv_bcast_packet(struct sk_buff *skb,
if (!is_broadcast_ether_addr(ethhdr->h_dest))
goto out;
- /* packet with broadcast sender address */
- if (is_broadcast_ether_addr(ethhdr->h_source))
+ /* packet with broadcast/multicast sender address */
+ if (is_multicast_ether_addr(ethhdr->h_source))
goto out;
/* ignore broadcasts sent by myself */
--
2.8.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames
2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
@ 2016-08-06 15:04 ` Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address Sven Eckelmann
2016-10-24 10:10 ` [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Simon Wunderlich
2 siblings, 0 replies; 4+ messages in thread
From: Sven Eckelmann @ 2016-08-06 15:04 UTC (permalink / raw)
To: b.a.t.m.a.n
The routing check for management frames is validating the source mac
address in the outer ethernet header. It rejects every source mac address
which is a broadcast address. But it also has to reject the zero-mac
address and multicast mac addresses.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v3:
- Fix patch subject
v2:
- clarify in commit message that only the outer ethernet header is
affected
(thanks Linus)
- split in patch 1/2
---
net/batman-adv/routing.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 913ab51..e2b91e6 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -196,8 +196,8 @@ bool batadv_check_management_packet(struct sk_buff *skb,
if (!is_broadcast_ether_addr(ethhdr->h_dest))
return false;
- /* packet with broadcast sender address */
- if (is_broadcast_ether_addr(ethhdr->h_source))
+ /* packet with invalid sender address */
+ if (!is_valid_ether_addr(ethhdr->h_source))
return false;
/* create a copy of the skb, if needed, to modify it. */
--
2.8.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address
2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
@ 2016-08-06 15:04 ` Sven Eckelmann
2016-10-24 10:10 ` [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Simon Wunderlich
2 siblings, 0 replies; 4+ messages in thread
From: Sven Eckelmann @ 2016-08-06 15:04 UTC (permalink / raw)
To: b.a.t.m.a.n
An unicast batman-adv packet cannot be transmitted to a multicast or zero
mac address. So reject incoming packets which still have these classes of
addresses as destination mac address in the outer ethernet header.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v3:
- Fix patch subject
v2:
- clarify in commit message that only the outer ethernet header is
affected
(thanks Linus)
---
net/batman-adv/routing.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index e2b91e6..65f405b 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -353,8 +353,8 @@ int batadv_recv_icmp_packet(struct sk_buff *skb,
ethhdr = eth_hdr(skb);
- /* packet with unicast indication but broadcast recipient */
- if (is_broadcast_ether_addr(ethhdr->h_dest))
+ /* packet with unicast indication but non-unicast recipient */
+ if (!is_valid_ether_addr(ethhdr->h_dest))
goto out;
/* packet with broadcast/multicast sender address */
@@ -445,8 +445,8 @@ static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
ethhdr = eth_hdr(skb);
- /* packet with unicast indication but broadcast recipient */
- if (is_broadcast_ether_addr(ethhdr->h_dest))
+ /* packet with unicast indication but non-unicast recipient */
+ if (!is_valid_ether_addr(ethhdr->h_dest))
return -EBADR;
/* packet with broadcast/multicast sender address */
--
2.8.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames
2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address Sven Eckelmann
@ 2016-10-24 10:10 ` Simon Wunderlich
2 siblings, 0 replies; 4+ messages in thread
From: Simon Wunderlich @ 2016-10-24 10:10 UTC (permalink / raw)
To: b.a.t.m.a.n
[-- Attachment #1: Type: text/plain, Size: 401 bytes --]
On Saturday, August 6, 2016 5:04:21 PM CEST Sven Eckelmann wrote:
> The routing checks are validating the source mac address of the outer
> ethernet header. They reject every source mac address which is a broadcast
> address. But they also have to reject and multicast mac addresses.
>
> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Applied this series in 3868d9b..bca103c.
Thanks,
Simon
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-10-24 10:10 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-06 15:04 [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 2/3] batman-adv: Disallow zero and mcast src address for mgmt frames Sven Eckelmann
2016-08-06 15:04 ` [B.A.T.M.A.N.] [PATCH v3 3/3] batman-adv: Reject unicast packet with zero/mcast dst address Sven Eckelmann
2016-10-24 10:10 ` [B.A.T.M.A.N.] [PATCH v3 1/3] batman-adv: Disallow mcast src address for data frames Simon Wunderlich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).