[maintv3,2/3] batman-adv: avoid keeping false temporary entry
Commit Message
In the case when a temporary entry is added first and a proper tt entry
is added after that, the temporary tt entry is kept in the orig list.
However the temporary flag is removed at this point, and therefore the
purge function can not find this temporary entry anymore.
Therefore, remove the previous temp entry before adding the new proper
one.
This case can happen if a client behind a given originator moves before
the TT announcement is sent out. Other than that, this case can also be
created by bogus or malicious payload frames for VLANs which are not
existent on the sending originator.
Reported-by: Alessandro Bolletta <alessandro@mediaspot.net>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
---
Changes to PATCHv2:
* extend commit message to explain scenario
---
net/batman-adv/translation-table.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Comments
On 02/09/15 20:09, Simon Wunderlich wrote:
> In the case when a temporary entry is added first and a proper tt entry
> is added after that, the temporary tt entry is kept in the orig list.
> However the temporary flag is removed at this point, and therefore the
> purge function can not find this temporary entry anymore.
>
> Therefore, remove the previous temp entry before adding the new proper
> one.
>
> This case can happen if a client behind a given originator moves before
> the TT announcement is sent out. Other than that, this case can also be
> created by bogus or malicious payload frames for VLANs which are not
> existent on the sending originator.
>
> Reported-by: Alessandro Bolletta <alessandro@mediaspot.net>
> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Acked-by: Antonio Quartulli <antonio@meshcoding.com>
On Wednesday, September 02, 2015 20:11:01 Antonio Quartulli wrote:
> On 02/09/15 20:09, Simon Wunderlich wrote:
> > In the case when a temporary entry is added first and a proper tt entry
> > is added after that, the temporary tt entry is kept in the orig list.
> > However the temporary flag is removed at this point, and therefore the
> > purge function can not find this temporary entry anymore.
> >
> > Therefore, remove the previous temp entry before adding the new proper
> > one.
> >
> > This case can happen if a client behind a given originator moves before
> > the TT announcement is sent out. Other than that, this case can also be
> > created by bogus or malicious payload frames for VLANs which are not
> > existent on the sending originator.
> >
> > Reported-by: Alessandro Bolletta <alessandro@mediaspot.net>
> > Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
>
> Acked-by: Antonio Quartulli <antonio@meshcoding.com>
Applied in revision 4a73d74.
Thanks,
Marek
@@ -1416,9 +1416,15 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv,
}
/* if the client was temporary added before receiving the first
- * OGM announcing it, we have to clear the TEMP flag
+ * OGM announcing it, we have to clear the TEMP flag. Also,
+ * remove the previous temporary orig node and re-add it
+ * if required. If the orig entry changed, the new one which
+ * is a non-temporary entry is preferred.
*/
- common->flags &= ~BATADV_TT_CLIENT_TEMP;
+ if (common->flags & BATADV_TT_CLIENT_TEMP) {
+ batadv_tt_global_del_orig_list(tt_global_entry);
+ common->flags &= ~BATADV_TT_CLIENT_TEMP;
+ }
/* the change can carry possible "attribute" flags like the
* TT_CLIENT_WIFI, therefore they have to be copied in the