On Tue, Mar 06, 2012 at 03:52:46AM +0800, Marek Lindner wrote:
> On Monday, March 05, 2012 15:51:51 Antonio Quartulli wrote:
> > in case of a broadcast packet, the result of the ap_isolated check is
> > always false (since we have no ff:ff:ff:ff:ff:ff client to check for
> > TT_CLIENT_WIFI), therefore we can avoid searching the translation table
> > and we can return false directly
> 
> How about also checking the source address ?

Actually I assumed that "legal" data only is passed to this function and so
there should be no need to check for the source address as well.

But I think this assumption is wrong, right? Actually the "internal" data of a
unicast/broadcast packet is never checked and so I should not assume that the
addresses passed to this function are legal.

> You probably also should add similar checks for tt_local_add() ?

Yep, we probably want to have the same checks in tt_local_add() because a wired
client could send any spoofed packet and we should protect our tables from them.

> Or do we have "legal" cases in which we announce multicast addresses ?

Not that I know (right now)


Cheers,
and greetings from Bruxelles

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara