From owner-svn-src-head@freebsd.org Tue Sep 15 01:08:19 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 16DBCA03C82; Tue, 15 Sep 2015 01:08:19 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebius.int.ru", Issuer "cell.glebius.int.ru" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A8DBF145B; Tue, 15 Sep 2015 01:08:17 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.15.2/8.15.2) with ESMTPS id t8F18F3P099940 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 15 Sep 2015 04:08:15 +0300 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.15.2/8.15.2/Submit) id t8F18FKc099939; Tue, 15 Sep 2015 04:08:15 +0300 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Tue, 15 Sep 2015 04:08:15 +0300 From: Gleb Smirnoff To: "Alexander V. Chernikov" Cc: rozhuk.im@gmail.com, ae@FreeBSD.org, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r287779 - head/sys/netinet Message-ID: <20150915010815.GX1023@FreeBSD.org> References: <201509141028.t8EASmUe096159@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201509141028.t8EASmUe096159@repo.freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 01:08:19 -0000 Hi! On Mon, Sep 14, 2015 at 10:28:48AM +0000, Alexander V. Chernikov wrote: A> Author: melifaro A> Date: Mon Sep 14 10:28:47 2015 A> New Revision: 287779 A> URL: https://svnweb.freebsd.org/changeset/base/287779 A> A> Log: A> * Improve error checking for arp messages. A> * Clean stale headers from if_ether.c. A> A> Reported by: rozhuk.im at gmail.com A> Reviewed by: ae It would be nice if arpintr() uses ARP_LOG() as in_arpinput() does. All these messages can be triggered remotely. Please do this before merging to a stable branch. A> A> Modified: A> head/sys/netinet/if_ether.c A> A> Modified: head/sys/netinet/if_ether.c A> ============================================================================== A> --- head/sys/netinet/if_ether.c Mon Sep 14 09:56:01 2015 (r287778) A> +++ head/sys/netinet/if_ether.c Mon Sep 14 10:28:47 2015 (r287779) A> @@ -58,7 +58,6 @@ __FBSDID("$FreeBSD$"); A> #include A> #include A> #include A> -#include A> #include A> #include A> #include A> @@ -71,9 +70,6 @@ __FBSDID("$FreeBSD$"); A> #include A> #endif A> A> -#include A> -#include A> - A> #include A> A> #define SIN(s) ((const struct sockaddr_in *)(s)) A> @@ -529,6 +525,8 @@ static void A> arpintr(struct mbuf *m) A> { A> struct arphdr *ar; A> + char *layer; A> + int hlen; A> A> if (m->m_len < sizeof(struct arphdr) && A> ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) { A> @@ -537,26 +535,56 @@ arpintr(struct mbuf *m) A> } A> ar = mtod(m, struct arphdr *); A> A> - if (ntohs(ar->ar_hrd) != ARPHRD_ETHER && A> - ntohs(ar->ar_hrd) != ARPHRD_IEEE802 && A> - ntohs(ar->ar_hrd) != ARPHRD_ARCNET && A> - ntohs(ar->ar_hrd) != ARPHRD_IEEE1394 && A> - ntohs(ar->ar_hrd) != ARPHRD_INFINIBAND) { A> - log(LOG_NOTICE, "arp: unknown hardware address format (0x%2D)" A> - " (from %*D to %*D)\n", (unsigned char *)&ar->ar_hrd, "", A> - ETHER_ADDR_LEN, (u_char *)ar_sha(ar), ":", A> - ETHER_ADDR_LEN, (u_char *)ar_tha(ar), ":"); A> + /* Check if length is sufficient */ A> + if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { A> + log(LOG_NOTICE, "arp: short header received\n"); A> + return; A> + } A> + ar = mtod(m, struct arphdr *); A> + A> + hlen = 0; A> + layer = ""; A> + switch (ntohs(ar->ar_hrd)) { A> + case ARPHRD_ETHER: A> + hlen = ETHER_ADDR_LEN; /* RFC 826 */ A> + layer = "ethernet"; A> + break; A> + case ARPHRD_IEEE802: A> + hlen = 6; /* RFC 1390, FDDI_ADDR_LEN */ A> + layer = "fddi"; A> + break; A> + case ARPHRD_ARCNET: A> + hlen = 1; /* RFC 1201, ARC_ADDR_LEN */ A> + layer = "arcnet"; A> + break; A> + case ARPHRD_INFINIBAND: A> + hlen = 20; /* RFC 4391, INFINIBAND_ALEN */ A> + layer = "infiniband"; A> + break; A> + case ARPHRD_IEEE1394: A> + hlen = 0; /* SHALL be 16 */ /* RFC 2734 */ A> + layer = "firewire"; A> + A> + /* A> + * Restrict too long harware addresses. A> + * Currently we are capable of handling 20-byte A> + * addresses ( sizeof(lle->ll_addr) ) A> + */ A> + if (ar->ar_hln >= 20) A> + hlen = 16; A> + break; A> + default: A> + log(LOG_NOTICE, "arp: unknown hardware address format (0x%2d)\n", A> + htons(ar->ar_hrd)); A> m_freem(m); A> return; A> } A> A> - if (m->m_len < arphdr_len(ar)) { A> - if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { A> - log(LOG_NOTICE, "arp: runt packet\n"); A> - m_freem(m); A> - return; A> - } A> - ar = mtod(m, struct arphdr *); A> + if (hlen != 0 && hlen != ar->ar_hln) { A> + log(LOG_NOTICE, "arp: bad %s header length: %d\n", layer, A> + ar->ar_hln); A> + m_freem(m); A> + return; A> } A> A> ARPSTAT_INC(received); A> _______________________________________________ A> svn-src-all@freebsd.org mailing list A> https://lists.freebsd.org/mailman/listinfo/svn-src-all A> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" -- Totus tuus, Glebius.