summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordimitri staessens <[email protected]>2016-10-06 14:27:53 +0200
committerdimitri staessens <[email protected]>2016-10-06 16:01:14 +0200
commit78d143e1487ef6212bda84702307c236021afcc7 (patch)
tree7f977513129b4a43eac102af4abe6457cb2632c9
parent170a60e4770a8fd12c50adfd6d3d34cd533ad570 (diff)
downloadouroboros-78d143e1487ef6212bda84702307c236021afcc7.tar.gz
ouroboros-78d143e1487ef6212bda84702307c236021afcc7.zip
ipcpd: Filter traffic on shim-eth-llc
Now correctly handles and drops non-ouroboros traffic.
-rw-r--r--src/ipcpd/shim-eth-llc/main.c34
-rw-r--r--src/tools/oping/oping_client.c1
-rw-r--r--src/tools/oping/oping_server.c3
3 files changed, 31 insertions, 7 deletions
diff --git a/src/ipcpd/shim-eth-llc/main.c b/src/ipcpd/shim-eth-llc/main.c
index 03e8beb1..c5e6d74d 100644
--- a/src/ipcpd/shim-eth-llc/main.c
+++ b/src/ipcpd/shim-eth-llc/main.c
@@ -520,9 +520,9 @@ static void * eth_llc_ipcp_sdu_reader(void * o)
#else
if (memcmp(eth_llc_data.device.sll_addr,
#endif
- &llc_frame->dst_hwaddr,
+ llc_frame->dst_hwaddr,
MAC_SIZE) &&
- memcmp(br_addr, &llc_frame->dst_hwaddr, MAC_SIZE)) {
+ memcmp(br_addr, llc_frame->dst_hwaddr, MAC_SIZE)) {
#if defined(PACKET_RX_RING) && defined(PACKET_TX_RING)
offset = (offset + 1) & (SHM_BUFFER_SIZE - 1);
header->tp_status = TP_STATUS_KERNEL;
@@ -530,12 +530,22 @@ static void * eth_llc_ipcp_sdu_reader(void * o)
continue;
}
+ memcpy(&length, &llc_frame->length, sizeof(length));
+ length = ntohs(length);
+
+ if (length > 0x05FF) { /* DIX */
+#if defined(PACKET_RX_RING) && defined(PACKET_TX_RING)
+ offset = (offset + 1) & (SHM_BUFFER_SIZE -1);
+ header->tp_status = TP_STATUS_KERNEL;
+#endif
+ continue;
+ }
+
+ length -= LLC_HEADER_SIZE;
+
dsap = reverse_bits(llc_frame->dsap);
ssap = reverse_bits(llc_frame->ssap);
- memcpy(&length, &llc_frame->length, sizeof(length));
- length = ntohs(length) - LLC_HEADER_SIZE;
-
if (ssap == MGMT_SAP && dsap == MGMT_SAP) {
eth_llc_ipcp_mgmt_frame(&llc_frame->payload,
length,
@@ -553,9 +563,21 @@ static void * eth_llc_ipcp_sdu_reader(void * o)
continue;
}
+ if (eth_llc_data.fd_to_ef[fd].r_sap != ssap
+ || memcmp(eth_llc_data.fd_to_ef[fd].r_addr,
+ llc_frame->src_hwaddr, MAC_SIZE)) {
+ pthread_rwlock_unlock(&eth_llc_data.flows_lock);
+#if defined(PACKET_RX_RING) && defined(PACKET_TX_RING)
+ offset = (offset + 1) & (SHM_BUFFER_SIZE -1);
+ header->tp_status = TP_STATUS_KERNEL;
+#endif
+ continue;
+ }
+
pthread_rwlock_unlock(&eth_llc_data.flows_lock);
flow_write(fd, &llc_frame->payload, length);
+
}
#if defined(PACKET_RX_RING) && defined(PACKET_TX_RING)
offset = (offset + 1) & (SHM_BUFFER_SIZE -1);
@@ -705,7 +727,7 @@ static int eth_llc_ipcp_bootstrap(struct dif_config * conf)
device.sdl_alen = MAC_SIZE;
/* TODO: replace socket calls with bpf for BSD */
LOG_MISSING;
- fd = socket(AF_LINK, SOCK_RAW, 0);
+ skfd = socket(AF_LINK, SOCK_RAW, 0);
#else
device.sll_ifindex = idx;
device.sll_family = AF_PACKET;
diff --git a/src/tools/oping/oping_client.c b/src/tools/oping/oping_client.c
index 47b40118..8b4e0fc2 100644
--- a/src/tools/oping/oping_client.c
+++ b/src/tools/oping/oping_client.c
@@ -138,6 +138,7 @@ void * writer(void * o)
while (client.sent < client.count) {
nanosleep(&wait, NULL);
+ msg->type = htonl(ECHO_REQUEST);
msg->id = htonl(client.sent);
if (flow_write(*fdp, buf, client.size) == -1) {
printf("Failed to send SDU.\n");
diff --git a/src/tools/oping/oping_server.c b/src/tools/oping/oping_server.c
index 9c7b1be7..0ba47174 100644
--- a/src/tools/oping/oping_server.c
+++ b/src/tools/oping/oping_server.c
@@ -83,7 +83,8 @@ void * server_thread(void *o)
continue;
if (ntohl(msg->type) != ECHO_REQUEST) {
- printf("Invalid message received.\n");
+ printf("Invalid message on fd %d: type %d, len = %d.\n",
+ fd, ntohl(msg->type), msg_len);
continue;
}