[v2,2/2] batman-adv: filter ARP packets with invalid MAC addresses in DAT
Commit Message
We never want multicast MAC addresses in the Distributed ARP Table, so it's
best to completely ignore ARP packets containing them where we expect unicast
addresses.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
---
distributed-arp-table.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
Comments
On 01/24/2013 06:18 PM, Matthias Schiffer wrote:
> We never want multicast MAC addresses in the Distributed ARP Table, so it's
> best to completely ignore ARP packets containing them where we expect unicast
> addresses.
>
> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
> ---
> distributed-arp-table.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/distributed-arp-table.c b/distributed-arp-table.c
> index a35466a..c89a01e 100644
> --- a/distributed-arp-table.c
> +++ b/distributed-arp-table.c
> @@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
> struct arphdr *arphdr;
> struct ethhdr *ethhdr;
> __be32 ip_src, ip_dst;
> + uint8_t *hw_src, *hw_dst;
> uint16_t type = 0;
>
> /* pull the ethernet header */
> @@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
> ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
> goto out;
>
> + hw_src = batadv_arp_hw_src(skb, hdr_size);
> + if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src))
> + goto out;
> +
> + /* we don't care for the destination MAC address in ARP requests */
Oops, this comment should be "care about" ... if the patch is okay apart
from this, should I make a v3, or can you just fix it when applying the
patch?
> + if (arphdr->ar_op != htons(ARPOP_REQUEST)) {
> + hw_dst = batadv_arp_hw_dst(skb, hdr_size);
> + if (is_zero_ether_addr(hw_dst) ||
> + is_multicast_ether_addr(hw_dst))
> + goto out;
> + }
> +
> type = ntohs(arphdr->ar_op);
> out:
> return type;
>
Matthias
On Thu, Jan 24, 2013 at 06:18:27PM +0100, Matthias Schiffer wrote:
> We never want multicast MAC addresses in the Distributed ARP Table, so it's
> best to completely ignore ARP packets containing them where we expect unicast
> addresses.
>
> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Antonio Quartulli <ordex@autistici.org>
Please merge into maint.
Cheers,
On Friday, January 25, 2013 21:28:49 Antonio Quartulli wrote:
> On Thu, Jan 24, 2013 at 06:18:27PM +0100, Matthias Schiffer wrote:
> > We never want multicast MAC addresses in the Distributed ARP Table, so
> > it's best to completely ignore ARP packets containing them where we
> > expect unicast addresses.
> >
> > Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
>
> Acked-by: Antonio Quartulli <ordex@autistici.org>
Applied in revision ab361a9.
Thanks,
Marek
@@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
struct arphdr *arphdr;
struct ethhdr *ethhdr;
__be32 ip_src, ip_dst;
+ uint8_t *hw_src, *hw_dst;
uint16_t type = 0;
/* pull the ethernet header */
@@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv,
ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst))
goto out;
+ hw_src = batadv_arp_hw_src(skb, hdr_size);
+ if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src))
+ goto out;
+
+ /* we don't care for the destination MAC address in ARP requests */
+ if (arphdr->ar_op != htons(ARPOP_REQUEST)) {
+ hw_dst = batadv_arp_hw_dst(skb, hdr_size);
+ if (is_zero_ether_addr(hw_dst) ||
+ is_multicast_ether_addr(hw_dst))
+ goto out;
+ }
+
type = ntohs(arphdr->ar_op);
out:
return type;