1 From: Linus Lüssing <linus.luessing@c0d3.blue>
2 Date: Thu, 6 Jul 2017 07:02:25 +0200
3 Subject: [PATCH] batman-adv: fix TT sync flag inconsistencies
5 This patch fixes an issue in the translation table code potentially
6 leading to a TT Request + Response storm. The issue may occur for nodes
7 involving BLA and an inconsistent configuration of the batman-adv AP
8 isolation feature. However, since the new multicast optimizations, a
9 single, malformed packet may lead to a mesh-wide, persistent
10 Denial-of-Service, too.
12 The issue occurs because nodes are currently OR-ing the TT sync flags of
13 all originators announcing a specific MAC address via the
14 translation table. When an intermediate node now receives a TT Request
15 and wants to answer this on behave of the destination node then this
16 intermediate node now responds with an altered flag field and broken
17 CRC. The next OGM of the real destination will lead to a CRC mismatch
18 and triggering a TT Request and Response again.
20 Furthermore, the OR-ing is currently never undone as long as at least
21 one originator announcing the according MAC address remains, leading to
22 the potential persistency of this issue.
24 This patch fixes this issue by storing the flags used in the CRC
25 calculation on a a per TT orig entry basis to be able to respond with
26 the correct, original flags in an intermediate TT Response for one
27 thing. And to be able to correctly unset sync flags once all nodes
28 announcing a sync flag vanish for another.
30 Fixes: fa614fd04692 ("batman-adv: fix tt_global_entries flags update")
31 Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
32 Acked-by: Antonio Quartulli <a@unstable.cc>
33 Signed-off-by: Sven Eckelmann <sven@narfation.org>
35 Origin: other, https://patchwork.open-mesh.org/patch/17072/
37 net/batman-adv/translation-table.c | 60 ++++++++++++++++++++++++++++++++------
38 net/batman-adv/types.h | 2 ++
39 2 files changed, 53 insertions(+), 9 deletions(-)
41 diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
42 index e1133bc634b5e8ed9a4639677e577a0d52e7c1d5..8a3ce79b1307b7f260ce2f64e96bdacfb9a322f0 100644
43 --- a/net/batman-adv/translation-table.c
44 +++ b/net/batman-adv/translation-table.c
45 @@ -1549,9 +1549,41 @@ batadv_tt_global_entry_has_orig(const struct batadv_tt_global_entry *entry,
50 + * batadv_tt_global_sync_flags - update TT sync flags
51 + * @tt_global: the TT global entry to update sync flags in
53 + * Updates the sync flag bits in the tt_global flag attribute with a logical
54 + * OR of all sync flags from any of its TT orig entries.
57 +batadv_tt_global_sync_flags(struct batadv_tt_global_entry *tt_global)
59 + struct batadv_tt_orig_list_entry *orig_entry;
60 + const struct hlist_head *head;
61 + u16 flags = BATADV_NO_FLAGS;
64 + head = &tt_global->orig_list;
65 + hlist_for_each_entry_rcu(orig_entry, head, list)
66 + flags |= orig_entry->flags;
69 + flags |= tt_global->common.flags & (~BATADV_TT_SYNC_MASK);
70 + tt_global->common.flags = flags;
74 + * batadv_tt_global_orig_entry_add - add or update a TT orig entry
75 + * @tt_global: the TT global entry to add an orig entry in
76 + * @orig_node: the originator to add an orig entry for
77 + * @ttvn: translation table version number of this changeset
78 + * @flags: TT sync flags
81 batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
82 - struct batadv_orig_node *orig_node, int ttvn)
83 + struct batadv_orig_node *orig_node, int ttvn,
86 struct batadv_tt_orig_list_entry *orig_entry;
88 @@ -1561,7 +1593,8 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
89 * was added during a "temporary client detection"
91 orig_entry->ttvn = ttvn;
93 + orig_entry->flags = flags;
97 orig_entry = kmem_cache_zalloc(batadv_tt_orig_cache, GFP_ATOMIC);
98 @@ -1573,6 +1606,7 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
99 batadv_tt_global_size_inc(orig_node, tt_global->common.vid);
100 orig_entry->orig_node = orig_node;
101 orig_entry->ttvn = ttvn;
102 + orig_entry->flags = flags;
103 kref_init(&orig_entry->refcount);
105 spin_lock_bh(&tt_global->list_lock);
106 @@ -1582,6 +1616,8 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global,
107 spin_unlock_bh(&tt_global->list_lock);
108 atomic_inc(&tt_global->orig_list_count);
111 + batadv_tt_global_sync_flags(tt_global);
114 batadv_tt_orig_list_entry_put(orig_entry);
115 @@ -1703,10 +1739,10 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv,
118 /* the change can carry possible "attribute" flags like the
119 - * TT_CLIENT_WIFI, therefore they have to be copied in the
120 + * TT_CLIENT_TEMP, therefore they have to be copied in the
123 - common->flags |= flags;
124 + common->flags |= flags & (~BATADV_TT_SYNC_MASK);
126 /* If there is the BATADV_TT_CLIENT_ROAM flag set, there is only
127 * one originator left in the list and we previously received a
128 @@ -1723,7 +1759,8 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv,
131 /* add the new orig_entry (if needed) or update it */
132 - batadv_tt_global_orig_entry_add(tt_global_entry, orig_node, ttvn);
133 + batadv_tt_global_orig_entry_add(tt_global_entry, orig_node, ttvn,
134 + flags & BATADV_TT_SYNC_MASK);
136 batadv_dbg(BATADV_DBG_TT, bat_priv,
137 "Creating new global tt entry: %pM (vid: %d, via %pM)\n",
138 @@ -1946,6 +1983,7 @@ batadv_tt_global_dump_subentry(struct sk_buff *msg, u32 portid, u32 seq,
139 struct batadv_tt_orig_list_entry *orig,
142 + u16 flags = (common->flags & (~BATADV_TT_SYNC_MASK)) | orig->flags;
144 struct batadv_orig_node_vlan *vlan;
146 @@ -1975,7 +2013,7 @@ batadv_tt_global_dump_subentry(struct sk_buff *msg, u32 portid, u32 seq,
147 nla_put_u8(msg, BATADV_ATTR_TT_LAST_TTVN, last_ttvn) ||
148 nla_put_u32(msg, BATADV_ATTR_TT_CRC32, crc) ||
149 nla_put_u16(msg, BATADV_ATTR_TT_VID, common->vid) ||
150 - nla_put_u32(msg, BATADV_ATTR_TT_FLAGS, common->flags))
151 + nla_put_u32(msg, BATADV_ATTR_TT_FLAGS, flags))
152 goto nla_put_failure;
154 if (best && nla_put_flag(msg, BATADV_ATTR_FLAG_BEST))
155 @@ -2589,6 +2627,7 @@ static u32 batadv_tt_global_crc(struct batadv_priv *bat_priv,
158 struct batadv_hashtable *hash = bat_priv->tt.global_hash;
159 + struct batadv_tt_orig_list_entry *tt_orig;
160 struct batadv_tt_common_entry *tt_common;
161 struct batadv_tt_global_entry *tt_global;
162 struct hlist_head *head;
163 @@ -2627,8 +2666,9 @@ static u32 batadv_tt_global_crc(struct batadv_priv *bat_priv,
164 /* find out if this global entry is announced by this
167 - if (!batadv_tt_global_entry_has_orig(tt_global,
169 + tt_orig = batadv_tt_global_orig_entry_find(tt_global,
174 /* use network order to read the VID: this ensures that
175 @@ -2640,10 +2680,12 @@ static u32 batadv_tt_global_crc(struct batadv_priv *bat_priv,
176 /* compute the CRC on flags that have to be kept in sync
179 - flags = tt_common->flags & BATADV_TT_SYNC_MASK;
180 + flags = tt_orig->flags;
181 crc_tmp = crc32c(crc_tmp, &flags, sizeof(flags));
183 crc ^= crc32c(crc_tmp, tt_common->addr, ETH_ALEN);
185 + batadv_tt_orig_list_entry_put(tt_orig);
189 diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
190 index ea43a64492479809fe6bdf95b436792078f50e9f..a62795868794103d7e712ba91def5997dc3a5779 100644
191 --- a/net/batman-adv/types.h
192 +++ b/net/batman-adv/types.h
193 @@ -1260,6 +1260,7 @@ struct batadv_tt_global_entry {
194 * struct batadv_tt_orig_list_entry - orig node announcing a non-mesh client
195 * @orig_node: pointer to orig node announcing this non-mesh client
196 * @ttvn: translation table version number which added the non-mesh client
197 + * @flags: per orig entry TT sync flags
198 * @list: list node for batadv_tt_global_entry::orig_list
199 * @refcount: number of contexts the object is used
200 * @rcu: struct used for freeing in an RCU-safe manner
201 @@ -1267,6 +1268,7 @@ struct batadv_tt_global_entry {
202 struct batadv_tt_orig_list_entry {
203 struct batadv_orig_node *orig_node;
206 struct hlist_node list;
207 struct kref refcount;
projects / feed / routing.git / blob