This is a small patchset intended for net/linux-3.8. Here there are three small patches from Matthias Schiffer aimed to fix some memory problems in the recently introduced D.A.T. component. One of them is fixing an skb memleak, one is fixing the ARP filter routine by preventing DAT to parse not useful messages (so reducing the amount of memory used by the local cache) and one fixing again the ARP filter routine by preventing DAT to overwrite correct entries with bogus ones in the local cache.
Please pull or let me know if there is any problem.
Thanks a lot, Antonio
The following changes since commit 1591ab6740326aaf41e194c43bdf8ece6e2e4835:
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless (2013-01-27 01:37:22 -0500)
are available in the git repository at:
git://git.open-mesh.org/linux-merge.git tags/batman-adv-fix-for-davem
for you to fetch changes up to b618ad1103c9ea0c4a69b44f42fc3c7b4e231e22:
batman-adv: filter ARP packets with invalid MAC addresses in DAT (2013-01-27 14:02:39 +0100)
---------------------------------------------------------------- Included changes ares: - fix an skb memleak in DAT - fix the ARP filtering routine in DAT by preventing bogus entries to overwrite already existing ones in the local cache. - fix the ARP filtering routine in DAT by preventing it to parse and add to the cache bogus entries
---------------------------------------------------------------- Matthias Schiffer (3): batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply() batman-adv: check for more types of invalid IP addresses in DAT batman-adv: filter ARP packets with invalid MAC addresses in DAT
net/batman-adv/distributed-arp-table.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-)
From: Matthias Schiffer mschiffer@universe-factory.net
The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been freed when it returns true; fix this by calling kfree_skb before returning as it is done in batadv_dat_snoop_incoming_arp_request().
Signed-off-by: Matthias Schiffer mschiffer@universe-factory.net Signed-off-by: Marek Lindner lindner_marek@yahoo.de Acked-by: Antonio Quartulli ordex@autistici.org Signed-off-by: Antonio Quartulli ordex@autistici.org --- net/batman-adv/distributed-arp-table.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 7485a78..9f4cff3 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -1012,6 +1012,8 @@ bool batadv_dat_snoop_incoming_arp_reply(struct batadv_priv *bat_priv, */ ret = !batadv_is_my_client(bat_priv, hw_dst); out: + if (ret) + kfree_skb(skb); /* if ret == false -> packet has to be delivered to the interface */ return ret; }
From: Matthias Schiffer mschiffer@universe-factory.net
There are more types of IP addresses that may appear in ARP packets that we don't want to process. While some of these should never appear in sane ARP packets, a 0.0.0.0 source is used for duplicate address detection and thus seen quite often.
Signed-off-by: Matthias Schiffer mschiffer@universe-factory.net Acked-by: Antonio Quartulli ordex@autistici.org Signed-off-by: Marek Lindner lindner_marek@yahoo.de Signed-off-by: Antonio Quartulli ordex@autistici.org --- net/batman-adv/distributed-arp-table.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 9f4cff3..be3be28 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -777,7 +777,9 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, ip_src = batadv_arp_ip_src(skb, hdr_size); ip_dst = batadv_arp_ip_dst(skb, hdr_size); if (ipv4_is_loopback(ip_src) || ipv4_is_multicast(ip_src) || - ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst)) + ipv4_is_loopback(ip_dst) || ipv4_is_multicast(ip_dst) || + ipv4_is_zeronet(ip_src) || ipv4_is_lbcast(ip_src) || + ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst)) goto out;
type = ntohs(arphdr->ar_op);
From: Matthias Schiffer mschiffer@universe-factory.net
We never want multicast MAC addresses in the Distributed ARP Table, so it's best to completely ignore ARP packets containing them where we expect unicast addresses.
Signed-off-by: Matthias Schiffer mschiffer@universe-factory.net Acked-by: Antonio Quartulli ordex@autistici.org Signed-off-by: Marek Lindner lindner_marek@yahoo.de Signed-off-by: Antonio Quartulli ordex@autistici.org --- net/batman-adv/distributed-arp-table.c | 13 +++++++++++++ 1 file changed, 13 insertions(+)
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index be3be28..ea0bd31 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -738,6 +738,7 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, struct arphdr *arphdr; struct ethhdr *ethhdr; __be32 ip_src, ip_dst; + uint8_t *hw_src, *hw_dst; uint16_t type = 0;
/* pull the ethernet header */ @@ -782,6 +783,18 @@ static uint16_t batadv_arp_get_type(struct batadv_priv *bat_priv, ipv4_is_zeronet(ip_dst) || ipv4_is_lbcast(ip_dst)) goto out;
+ hw_src = batadv_arp_hw_src(skb, hdr_size); + if (is_zero_ether_addr(hw_src) || is_multicast_ether_addr(hw_src)) + goto out; + + /* we don't care about the destination MAC address in ARP requests */ + if (arphdr->ar_op != htons(ARPOP_REQUEST)) { + hw_dst = batadv_arp_hw_dst(skb, hdr_size); + if (is_zero_ether_addr(hw_dst) || + is_multicast_ether_addr(hw_dst)) + goto out; + } + type = ntohs(arphdr->ar_op); out: return type;
From: Antonio Quartulli ordex@autistici.org Date: Sun, 27 Jan 2013 20:43:56 +0100
This is a small patchset intended for net/linux-3.8. Here there are three small patches from Matthias Schiffer aimed to fix some memory problems in the recently introduced D.A.T. component. One of them is fixing an skb memleak, one is fixing the ARP filter routine by preventing DAT to parse not useful messages (so reducing the amount of memory used by the local cache) and one fixing again the ARP filter routine by preventing DAT to overwrite correct entries with bogus ones in the local cache.
Please pull or let me know if there is any problem.
Pulled, thanks Antonio.
b.a.t.m.a.n@lists.open-mesh.org
-
Antonio Quartulli -
David Miller