Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3318690imu; Sun, 11 Nov 2018 12:15:44 -0800 (PST) X-Google-Smtp-Source: AJdET5crUNtELpI5WAGApCs13VpZQ4F5czIOWPrFF3af0ZtKIajf9KIA6rUKvXpFjCBcD4LIbgzv X-Received: by 2002:a65:4683:: with SMTP id h3mr14374393pgr.225.1541967344805; Sun, 11 Nov 2018 12:15:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541967344; cv=none; d=google.com; s=arc-20160816; b=QeCT7oYeEo7VFo09EKSQy5UOdc4W/wvfTwJ0eFAGmZzmP0e+swkuxZFWbWqO9jXSWb hx0IBLf1hH+KLEzwjMvmEBNAozqssJMPiwdqkov3gbC/HIlBdTUydGOzrkzdhXPk0QFb t+mVoNEr3f4E36OE+Ki0kLpUVNHmwQdHNd+xZRiz3qqylPpp96UR9YVTBhCSd/dNFyWM Sf0u/jkLlptm9FdZKWQemQBHDE5WtPfJNqDIpiodniAotkrIDEc38+91dezCvPHd3YTh scMQd+QuZxbcJodpC6uy87RTIVk7Z27/yrLo6n08OZ3a+a/btwfBSKewRsA1Esctc+vD 8Cqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=/JifC5Ipzdo4iBpU5insqR9BL5Sl1Bzy1jXgE1ydFUI=; b=iPjq0PN4i6lwLVuwRlkCwQZS/v/toAyL2B6UaGGf/TPgTvJYj7sYlt1VbwnqH0M4Wa Wb7JysYrjTleGPXEpRbIapnKfjr2zG/jq0SClFJLCUBBQ7/lOzrWQ1176aixNMTntOEr QK8Yp9HdP5KkM7xtcfT1Qelccn7GY2nHoEAQiUm49ScGTTe/6spdWg4Ci5nqo4Er9pWj pZuGf5YbiFXfTbTrjBI4BjmyORCN3QBEHlaGeSihsTJwNhIZj/xHXIYyfQOFAhlFep3+ 0tm6V5o8Oc1U+DRzkkQMrTIBFf2GHCvtCeZzB69kibZawYo4HeePui26YoIHewKIHJju rkcQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w2-v6si15089695ply.21.2018.11.11.12.15.29; Sun, 11 Nov 2018 12:15:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731496AbeKLGDQ (ORCPT + 99 others); Mon, 12 Nov 2018 01:03:16 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:52758 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731392AbeKLGDP (ORCPT ); Mon, 12 Nov 2018 01:03:15 -0500 Received: from [192.168.4.242] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gLvsy-0000lJ-6O; Sun, 11 Nov 2018 19:59:08 +0000 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1gLvsU-0001cz-2G; Sun, 11 Nov 2018 19:58:38 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Leonardo =?UTF-8?Q?M=C3=B6rlein?=" , "Simon Wunderlich" , "=?UTF-8?q?Linus=20L=C3=BCssing?=" Date: Sun, 11 Nov 2018 19:49:05 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 191/366] batman-adv: Fix multicast TT issues with bogus ROAM flags In-Reply-To: X-SA-Exim-Connect-IP: 192.168.4.242 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.61-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Linus Lüssing commit a44ebeff6bbd6ef50db41b4195fca87b21aefd20 upstream. When a (broken) node wrongly sends multicast TT entries with a ROAM flag then this causes any receiving node to drop all entries for the same multicast MAC address announced by other nodes, leading to packet loss. Fix this DoS vector by only storing TT sync flags. For multicast TT non-sync'ing flag bits like ROAM are unused so far anyway. Fixes: 1d8ab8d3c176 ("batman-adv: Modified forwarding behaviour for multicast packets") Reported-by: Leonardo Mörlein Signed-off-by: Linus Lüssing Signed-off-by: Simon Wunderlich Signed-off-by: Ben Hutchings --- net/batman-adv/translation-table.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -1378,7 +1378,8 @@ static bool batadv_tt_global_add(struct ether_addr_copy(common->addr, tt_addr); common->vid = vid; - common->flags = flags & (~BATADV_TT_SYNC_MASK); + if (!is_multicast_ether_addr(common->addr)) + common->flags = flags & (~BATADV_TT_SYNC_MASK); tt_global_entry->roam_at = 0; /* node must store current time in case of roaming. This is @@ -1435,7 +1436,8 @@ static bool batadv_tt_global_add(struct * TT_CLIENT_TEMP, therefore they have to be copied in the * client entry */ - common->flags |= flags & (~BATADV_TT_SYNC_MASK); + if (!is_multicast_ether_addr(common->addr)) + common->flags |= flags & (~BATADV_TT_SYNC_MASK); /* If there is the BATADV_TT_CLIENT_ROAM flag set, there is only * one originator left in the list and we previously received a