Re: [B.A.T.M.A.N.] [PATCH 2/2] batman-adv: filter out invalid DAT entries

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Antonio Quartulli <ordex@autistici.org>
To: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: b.a.t.m.a.n@lists.open-mesh.org, Marek Lindner <lindner_marek@yahoo.de>
Subject: Re: [B.A.T.M.A.N.] [PATCH 2/2] batman-adv: filter out invalid DAT entries
Date: Thu, 24 Jan 2013 16:12:21 +0100	[thread overview]
Message-ID: <20130124151221.GA8211@ritirata.org> (raw)
In-Reply-To: <510148D3.1010807@universe-factory.net>

[-- Attachment #1: Type: text/plain, Size: 1874 bytes --]

On Thu, Jan 24, 2013 at 03:44:35PM +0100, Matthias Schiffer wrote:
> On 01/24/2013 02:47 PM, Marek Lindner wrote:
> > On Thursday, January 24, 2013 21:38:58 Antonio Quartulli wrote:
> >>
> >> I thought the same, but in batadv_arp_get_type() we have a general check
> >> that discards wrong/bogus ARP request.
> >>
> >> Here instead we are filtering "correct" ARP requests that DAT should not
> >> handle.
> > 
> > What is the difference except for the naming ? In both cases we don't want 
> > these packets to be handled by DAT. 
> > 
> > Feel free to move these extra validation checks into a separate function that 
> > gets called from batadv_arp_get_type() if you wish to emphasize the difference 
> > between the types of checks. Having all checks in the same place will help to 
> > avoid overlooking things later (as already happened).
> > 
> > Cheers,
> > Marek
> > 
> 
> In my opinion, the DAT should handle the sane one of source and
> destination if one of them is sane and the other is bogus. So I would
> maybe rather move all the checks to batadv_dat_entry_add()? There it
> will only catch the add case though, not the lookup case...

I agree with Marek: adding these new checks in a separate function is probably
better. At that point batadv_arp_get_type() will directly refuse to parse
whatever ARP packet that DAT does not like.

> 
> At least a check for ff:ff:ff:ff:ff:ff should be added to maint as soon
> as possible, as such entries were actually overwriting correct DAT
> entries on my test node (and maybe even preventing ARP resolution as the
> DAT node answered with these instead of the actual addresses).
> 

Yes, I agree.
What about modifying your patch following the comments above and resend it?


Cheers,


-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

next prev parent reply	other threads:[~2013-01-24 15:12 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-01-23 17:11 [B.A.T.M.A.N.] [PATCH 1/2] batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply() Matthias Schiffer
2013-01-23 17:11 ` [B.A.T.M.A.N.] [PATCH 2/2] batman-adv: filter out invalid DAT entries Matthias Schiffer
2013-01-23 21:07   ` Antonio Quartulli
2013-01-23 21:39     ` Matthias Schiffer
2013-01-23 21:52       ` Matthias Schiffer
2013-01-23 21:55         ` Antonio Quartulli
2013-01-23 21:53       ` Antonio Quartulli
2013-01-24 13:36         ` Marek Lindner
2013-01-24 13:38           ` Antonio Quartulli
2013-01-24 13:47             ` Marek Lindner
2013-01-24 14:44               ` Matthias Schiffer
2013-01-24 15:12                 ` Antonio Quartulli [this message]
2013-01-24 17:18                   ` Matthias Schiffer
2013-01-24 17:18                     ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: check for more types of invalid IP addresses in DAT Matthias Schiffer
2013-01-24 17:18                       ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: filter ARP packets with invalid MAC " Matthias Schiffer
2013-01-24 17:33                         ` Matthias Schiffer
2013-01-25 13:28                         ` Antonio Quartulli
2013-01-27  0:38                           ` Marek Lindner
2013-01-25 13:27                       ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: check for more types of invalid IP " Antonio Quartulli
2013-01-27  0:34                         ` Marek Lindner
2013-01-23 21:11 ` [B.A.T.M.A.N.] [PATCH 1/2] batman-adv: fix skb leak in batadv_dat_snoop_incoming_arp_reply() Antonio Quartulli
2013-01-23 21:14   ` Antonio Quartulli
2013-01-24 13:31     ` Marek Lindner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130124151221.GA8211@ritirata.org \
    --to=ordex@autistici.org \
    --cc=b.a.t.m.a.n@lists.open-mesh.org \
    --cc=lindner_marek@yahoo.de \
    --cc=mschiffer@universe-factory.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.