From patchwork Fri Apr 13 18:16:18 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sven Eckelmann
X-Patchwork-Id: 17331
X-Patchwork-Delegate: sw@simonwunderlich.de
From: Sven Eckelmann
To: b.a.t.m.a.n@lists.open-mesh.org
Date: Fri, 13 Apr 2018 20:16:18 +0200
Message-Id: <20180413181618.24144-1-sven@narfation.org>
X-Mailer: git-send-email 2.17.0
Subject: [B.A.T.M.A.N.] [PATCH] batctl: Validate translated mac addresses
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
Cc: Andre Kasper

The IP translation layer is using the neighbor table of the kernel to get
the unicast link layer (mac) address for IP(v4|v6) addresses. The kernel
can not only return unicast mac addresses to such an RTM_GETNEIGH request
but also a zero mac address. Such an address must be considered invalid
because the global translation table may not only contain a unique client
mac address entry for it. The translation from client mac to originator
will therefore most likely return an unexpected originator.

Dropping these kinds of (bogus) results avoids confusion while using
things like batctl's ping or traceroute.

Reported-by: Andre Kasper
Signed-off-by: Sven Eckelmann
Acked-by: Antonio Quartulli
---
Cc: Andre Kasper

See https://www.open-mesh.org/issues/353
---
 functions.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/functions.c b/functions.c
index cd92b60..3c340a2 100644
--- a/functions.c
+++ b/functions.c
@@ -571,6 +571,19 @@ static struct nla_policy neigh_policy[NDA_MAX+1] = { [NDA_PROBES] = { .type = NLA_U32 }, }; +static bool ether_addr_valid(const uint8_t *addr) +{ + /* no multicast address */ + if (addr[0] & 0x01) + return false; + + /* no zero address */ + if ((addr[0] | addr[1] | addr[2] | addr[3] | addr[4] | addr[5]) == 0) + return false; + + return true; +} + static int resolve_mac_from_parse(struct nl_msg *msg, void *arg) { struct nlattr *tb[NDA_MAX + 1]; @@ -616,6 +629,9 @@ static int resolve_mac_from_parse(struct nl_msg *msg, void *arg) mac = nla_data(tb[NDA_LLADDR]); l3addr = nla_data(tb[NDA_DST]); + if (!ether_addr_valid(mac)) + goto err; + if (memcmp(nl_arg->l3addr, l3addr, l3_len) == 0) { memcpy(nl_arg->mac_result, mac, ETH_ALEN); nl_arg->found = 1;
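Review bot: in the first hunk, ether_addr_valid() hard-codes six index reads for the zero test (addr[0] | ... | addr[5]) while the caller in the second hunk copies the same buffer with ETH_ALEN; bounding the zero test by ETH_ALEN (a short loop, or a memcmp against a zeroed ETH_ALEN array) would keep the two in step. The "no multicast address" comment could also state that the addr[0] & 0x01 test rejects the broadcast address as well. The commit message only argues for dropping the zero address, so one sentence there on why multicast results are dropped too would document the second half of the helper.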
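Review bot: in the second hunk, the new "if (!ether_addr_valid(mac)) goto err;" runs before the memcmp() against nl_arg->l3addr, so a neighbour entry for an unrelated address that carries a zero or multicast mac also takes the err path. If err does anything more than skip the current message, placing the check inside the "if (memcmp(...) == 0)" branch would restrict it to the entry that was actually requested. The helper also reads six bytes from nla_data(tb[NDA_LLADDR]), and the visible context does not show the attribute length being verified; confirm that nla_len(tb[NDA_LLADDR]) is at least ETH_ALEN before this point, since both the new check and the existing memcpy(..., ETH_ALEN) depend on it.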