Hi, On 06/07/17 13:02, Linus Lüssing wrote: > This patch fixes an issue in the translation table code potentially > leading to a TT Request + Response storm. The issue may occur for nodes > involving BLA and an inconsistent configuration of the batman-adv AP > isolation feature. However, since the new multicast optimizations, a > single, malformed packet may lead to a mesh-wide, persistent > Denial-of-Service, too. > > The issue occurs because nodes are currently OR-ing the TT sync flags of > all originators announcing a specific MAC address via the > translation table. When an intermediate node now receives a TT Request > and wants to answer this on behave of the destination node then this > intermediate node now responds with an altered flag field and broken > CRC. The next OGM of the real destination will lead to a CRC mismatch > and triggering a TT Request and Response again. > > Furthermore, the OR-ing is currently never undone as long as at least > one originator announcing the according MAC address remains, leading to > the potential persistency of this issue. > > This patch fixes this issue by storing the flags used in the CRC > calculation on a a per TT orig entry basis to be able to respond with > the correct, original flags in an intermediate TT Response for one > thing. And to be able to correctly unset sync flags once all nodes > announcing a sync flag vanish for another. > > Fixes: fa614fd04692 ("batman-adv: fix tt_global_entries flags update") > Signed-off-by: Linus Lüssing > > --- > > Changes v2: > * Fix an issue with not applying the TEMP flag, introduced in v1 > -> Remove the OR-ing operation for TT SYNC flags only Version 2 looks good to me. I had some doubts but I managed to clarify them with Linus on IRC. Acked-by: Antonio Quartulli Cheers, -- Antonio Quartulli