Date: Wed, 12 Jul 2006 16:18:37 GMT From: Clément Lecigne <clem1@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 101395 for review Message-ID: <200607121618.k6CGIb1P052814@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=101395 Change 101395 by clem1@clem1_ipv6vulns on 2006/07/12 16:18:23 syslog DAD messages and print if the node claims to be a router or not. Affected files ... .. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/db.c#2 edit .. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/ndpwatch.c#2 edit .. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.c#2 edit .. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.h#2 edit Differences ... ==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/db.c#2 (text+ko) ==== @@ -90,7 +90,7 @@ register u_int len; u_char *e2; time_t t2; - + /* Lookup ipv6 address */ ap = ainfo_find(a); @@ -99,7 +99,7 @@ ep = ap->elist[0]; if (MEMCMP(e, ep->e, 6) == 0) { if (t - ep->t > NEWACTIVITY_DELTA) { - report("new activity", a, e, NULL, &t, &ep->t); + report("new activity", a, e, NULL, r, &t, &ep->t); } ep->t = t; return (1); @@ -110,7 +110,7 @@ if (ap->ecount == 0) { ap->ecount = 1; ap->elist[0] = elist_alloc(a, e, t, h); - report("new station", a, e, NULL, &t, NULL); + report("new station", a, e, NULL, r, &t, NULL); return (1); } @@ -134,7 +134,7 @@ /* New ether address */ e2 = ap->elist[0]->e; t2 = ap->elist[0]->t; - report("changed ethernet address", a, e, e2, &t, &t2); + report("changed ethernet address", a, e, e2, r, &t, &t2); /* Make room at head of list */ alist_alloc(ap); len = ap->ecount * sizeof(ap->elist[0]); ==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/ndpwatch.c#2 (text+ko) ==== 
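Review bot: In the `@@ -99,7` hunk of db.c the router flag `r` is only forwarded to `report()`; the `elist_alloc(a, e, t, h)` call visible in the next hunk does not take it, so the flag appears not to be stored with the entry. If so, a known address/MAC pair that starts claiming to be a router leaves through the `MEMCMP(e, ep->e, 6) == 0` branch without a report unless `NEWACTIVITY_DELTA` has elapsed, and that transition is exactly what a rogue-router watcher wants to see. Consider keeping the last seen flag in the entry (a new field, e.g. compared as `if (ep->router != r)`) and reporting when it changes; the same applies to the `report()` calls in the `@@ -110,7` and `@@ -134,7` hunks. The enclosing function starts and ends outside these hunks, so the declaration of `r` is not visible here.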
@@ -239,6 +239,15 @@ ndp = (struct ndp_header *)(pk + ph->len - NDP_S - NDP_OPT_S); opt = (struct ndp_option *)(pk + ph->len - NDP_OPT_S); + /* is it a DAD message ? */ + if (IN6_IS_ADDR_UNSPECIFIED(&ip6->src) && ndp->type == 135) + { + syslog(LOG_NOTICE, "Duplicated address detection asked for " + "%s from %s\n", inet_ntop(AF_INET6, &ndp->target, ip, + INET6_ADDRSTRLEN), e2str(opt->mac)); + return; + } + if (!sanity_icmp6(ndp, opt)) { /* syslog has been filled */ @@ -254,7 +263,7 @@ return; } t = ph->ts.tv_sec; - if (!ent_add(&ndp->target, opt->mac, ndp->reserved >> 31, t, NULL)) + if (!ent_add(&ndp->target, opt->mac, ndp->reserved >> 7, t, NULL)) { syslog(LOG_ERR, "ent_addr(%s, %s, ...) failed\n", inet_ntop(AF_INET6, &ndp->target, ip, INET6_ADDRSTRLEN), ==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.c#2 (text+ko) ==== @@ -220,7 +220,8 @@ void report(register char *title, struct in6_addr *a, register u_char *e1, - register u_char *e2, register time_t *t1p, register time_t *t2p) + register u_char *e2, register u_int8_t r, register time_t *t1p, + register time_t *t2p) { register char *cp; register int fd, pid; @@ -293,6 +294,7 @@ (void)fprintf(f, fmt, "ip address", inet_ntop(AF_INET6, a, ip, INET6_ADDRSTRLEN)); (void)fprintf(f, fmt, "ethernet address", e2str(e1)); + (void)fprintf(f, fmt, "router", (r) ? "YES" : "no"); if (e2) (void)fprintf(f, fmt, "old ethernet address", e2str(e2)); if (t1p) ==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.h#2 (text+ko) ==== @@ -1,2 +1,2 @@ -void report(char *, struct in6_addr *, u_char *, u_char *, time_t *, time_t *); +void report(char *, struct in6_addr *, u_char *, u_char *, u_int8_t r, time_t *, time_t *);
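Review bot: The new DAD branch in ndpwatch.c logs `opt->mac` before `sanity_icmp6(ndp, opt)` has run, so the address written to syslog comes from unvalidated packet bytes. RFC 4861 also forbids a source link-layer address option in a solicitation sent from the unspecified address, so for a conforming DAD probe `opt` and `ndp` (both computed back from the end of the packet) presumably do not point at what the code expects; logging the Ethernet source address of the frame would be more reliable. Every matching packet produces one `LOG_NOTICE` line, so some rate limiting is worth adding for a busy or hostile link. Smaller points: `135` reads better as `ND_NEIGHBOR_SOLICIT` from `<netinet/icmp6.h>`, and the trailing `\n` in the syslog format is not needed. The enclosing function starts and ends outside the hunk, so any earlier length check on `ph->len` cannot be confirmed from here.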
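Review bot: In the `@@ -254,7` hunk, `ndp->reserved >> 7` is not masked and depends on host byte order. Assuming `reserved` is the 32-bit flags word kept in network order (its declaration is outside the hunk), the R bit lands in bit 7 only on little-endian hosts, and set bits above it can also make the argument non-zero; `(ntohl(ndp->reserved) >> 31) & 1` yields a clean 0/1 on every host. The flag is defined only for neighbor advertisements, so if other message types reach this call the value passed to `ent_add()` is meaningless and the "router" line in the report should say so rather than print "no".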