Date: Tue, 15 Sep 2015 04:08:15 +0300 From: Gleb Smirnoff <glebius@FreeBSD.org> To: "Alexander V. Chernikov" <melifaro@FreeBSD.org> Cc: rozhuk.im@gmail.com, ae@FreeBSD.org, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r287779 - head/sys/netinet Message-ID: <20150915010815.GX1023@FreeBSD.org> In-Reply-To: <201509141028.t8EASmUe096159@repo.freebsd.org> References: <201509141028.t8EASmUe096159@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! On Mon, Sep 14, 2015 at 10:28:48AM +0000, Alexander V. Chernikov wrote: A> Author: melifaro A> Date: Mon Sep 14 10:28:47 2015 A> New Revision: 287779 A> URL: https://svnweb.freebsd.org/changeset/base/287779 A> A> Log: A> * Improve error checking for arp messages. A> * Clean stale headers from if_ether.c. A> A> Reported by: rozhuk.im at gmail.com A> Reviewed by: ae It would be nice if arpintr() uses ARP_LOG() as in_arpinput() does. All these messages can be triggered remotely. Please do this before merging to a stable branch. A> A> Modified: A> head/sys/netinet/if_ether.c A> A> Modified: head/sys/netinet/if_ether.c A> ============================================================================== A> --- head/sys/netinet/if_ether.c Mon Sep 14 09:56:01 2015 (r287778) A> +++ head/sys/netinet/if_ether.c Mon Sep 14 10:28:47 2015 (r287779) A> @@ -58,7 +58,6 @@ __FBSDID("$FreeBSD$"); A> #include <net/if_dl.h> A> #include <net/if_types.h> A> #include <net/netisr.h> A> -#include <net/if_llc.h> A> #include <net/ethernet.h> A> #include <net/route.h> A> #include <net/vnet.h> A> @@ -71,9 +70,6 @@ __FBSDID("$FreeBSD$"); A> #include <netinet/ip_carp.h> A> #endif A> A> -#include <net/if_arc.h> A> -#include <net/iso88025.h> A> - A> #include <security/mac/mac_framework.h> A> A> #define SIN(s) ((const struct sockaddr_in *)(s)) A> @@ -529,6 +525,8 @@ static void A> arpintr(struct mbuf *m) A> { A> struct arphdr *ar; A> + char *layer; A> + int hlen; A> A> if (m->m_len < sizeof(struct arphdr) && A> ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) { A> @@ -537,26 +535,56 @@ arpintr(struct mbuf *m) A> } A> ar = mtod(m, struct arphdr *); A> A> - if (ntohs(ar->ar_hrd) != ARPHRD_ETHER && A> - ntohs(ar->ar_hrd) != ARPHRD_IEEE802 && A> - ntohs(ar->ar_hrd) != ARPHRD_ARCNET && A> - ntohs(ar->ar_hrd) != ARPHRD_IEEE1394 && A> - ntohs(ar->ar_hrd) != ARPHRD_INFINIBAND) { A> - log(LOG_NOTICE, "arp: unknown hardware address format (0x%2D)" A> - " (from %*D to %*D)\n", (unsigned char *)&ar->ar_hrd, "", A> - ETHER_ADDR_LEN, (u_char *)ar_sha(ar), ":", A> - ETHER_ADDR_LEN, (u_char *)ar_tha(ar), ":"); A> + /* Check if length is sufficient */ A> + if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { A> + log(LOG_NOTICE, "arp: short header received\n"); A> + return; A> + } A> + ar = mtod(m, struct arphdr *); A> + A> + hlen = 0; A> + layer = ""; A> + switch (ntohs(ar->ar_hrd)) { A> + case ARPHRD_ETHER: A> + hlen = ETHER_ADDR_LEN; /* RFC 826 */ A> + layer = "ethernet"; A> + break; A> + case ARPHRD_IEEE802: A> + hlen = 6; /* RFC 1390, FDDI_ADDR_LEN */ A> + layer = "fddi"; A> + break; A> + case ARPHRD_ARCNET: A> + hlen = 1; /* RFC 1201, ARC_ADDR_LEN */ A> + layer = "arcnet"; A> + break; A> + case ARPHRD_INFINIBAND: A> + hlen = 20; /* RFC 4391, INFINIBAND_ALEN */ A> + layer = "infiniband"; A> + break; A> + case ARPHRD_IEEE1394: A> + hlen = 0; /* SHALL be 16 */ /* RFC 2734 */ A> + layer = "firewire"; A> + A> + /* A> + * Restrict too long harware addresses. A> + * Currently we are capable of handling 20-byte A> + * addresses ( sizeof(lle->ll_addr) ) A> + */ A> + if (ar->ar_hln >= 20) A> + hlen = 16; A> + break; A> + default: A> + log(LOG_NOTICE, "arp: unknown hardware address format (0x%2d)\n", A> + htons(ar->ar_hrd)); A> m_freem(m); A> return; A> } A> A> - if (m->m_len < arphdr_len(ar)) { A> - if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { A> - log(LOG_NOTICE, "arp: runt packet\n"); A> - m_freem(m); A> - return; A> - } A> - ar = mtod(m, struct arphdr *); A> + if (hlen != 0 && hlen != ar->ar_hln) { A> + log(LOG_NOTICE, "arp: bad %s header length: %d\n", layer, A> + ar->ar_hln); A> + m_freem(m); A> + return; A> } A> A> ARPSTAT_INC(received); A> _______________________________________________ A> svn-src-all@freebsd.org mailing list A> https://lists.freebsd.org/mailman/listinfo/svn-src-all A> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" -- Totus tuus, Glebius.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150915010815.GX1023>