diff mbox series

[maint] batman-adv: fix multicast-via-unicast transmission with AP isolation

Message ID 20180320021327.30877-1-linus.luessing@c0d3.blue
State Accepted, archived
Commit 67a50c93bceb534937d6a188eded79272ff6d55d
Delegated to: Simon Wunderlich
Headers show
Series [maint] batman-adv: fix multicast-via-unicast transmission with AP isolation | expand

Commit Message

Linus Lüssing March 20, 2018, 2:13 a.m. UTC
For multicast frames AP isolation is only supposed to be checked on
the receiving nodes and never on the originating one.

Furthermore, the isolation or wifi flag bits should only be intepreted
as such for unicast and never multicast TT entries.

By injecting flags to the multicast TT entry claimed by a single
target node it was verified in tests that this multicast address
becomes unreachable, leading to packet loss.

Omitting the "src" parameter to the batadv_transtable_search() call
successfully skipped the AP isolation check and made the target
reachable again.

Fixes: 405cc1e5a81e ("batman-adv: Modified forwarding behaviour for multicast packets")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

---

This issue currently cannot appear in the wild. See explanation here:

https://www.open-mesh.org/issues/335#note-16

However if we were to legitimately start using these flags for
multicast's own purposes then we would start to see issues in AP
isolation setups. Therefore, and because the fix is tiny and "obvious",
I think it would still make sense to send it through stable@.
---
 net/batman-adv/multicast.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Sven Eckelmann March 24, 2018, 9:41 a.m. UTC | #1
On Dienstag, 20. März 2018 03:13:27 CET Linus Lüssing wrote:
> For multicast frames AP isolation is only supposed to be checked on
> the receiving nodes and never on the originating one.
> 
> Furthermore, the isolation or wifi flag bits should only be intepreted
> as such for unicast and never multicast TT entries.
> 
> By injecting flags to the multicast TT entry claimed by a single
> target node it was verified in tests that this multicast address
> becomes unreachable, leading to packet loss.
> 
> Omitting the "src" parameter to the batadv_transtable_search() call
> successfully skipped the AP isolation check and made the target
> reachable again.
> 
> Fixes: 405cc1e5a81e ("batman-adv: Modified forwarding behaviour for multicast packets")
> Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
> 
> ---
> 
> This issue currently cannot appear in the wild. See explanation here:
> 
> https://www.open-mesh.org/issues/335#note-16
> 
> However if we were to legitimately start using these flags for
> multicast's own purposes then we would start to see issues in AP
> isolation setups. Therefore, and because the fix is tiny and "obvious",
> I think it would still make sense to send it through stable@.
> ---
>  net/batman-adv/multicast.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 

Applied as 67a50c93bceb [1].

Thanks,
	Sven

[1] https://git.open-mesh.org/batman-adv.git/commit/67a50c93bceb534937d6a188eded79272ff6d55d
diff mbox series

Patch

diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c
index de3a055f..a11d3d89 100644
--- a/net/batman-adv/multicast.c
+++ b/net/batman-adv/multicast.c
@@ -869,8 +869,8 @@  static struct batadv_orig_node *
 batadv_mcast_forw_tt_node_get(struct batadv_priv *bat_priv,
 			      struct ethhdr *ethhdr)
 {
-	return batadv_transtable_search(bat_priv, ethhdr->h_source,
-					ethhdr->h_dest, BATADV_NO_FLAGS);
+	return batadv_transtable_search(bat_priv, NULL, ethhdr->h_dest,
+					BATADV_NO_FLAGS);
 }
 
 /**