diff options
author | dimitri staessens <[email protected]> | 2016-10-06 14:27:53 +0200 |
---|---|---|
committer | dimitri staessens <[email protected]> | 2016-10-06 16:01:14 +0200 |
commit | 78d143e1487ef6212bda84702307c236021afcc7 (patch) | |
tree | 7f977513129b4a43eac102af4abe6457cb2632c9 | |
parent | 170a60e4770a8fd12c50adfd6d3d34cd533ad570 (diff) | |
download | ouroboros-78d143e1487ef6212bda84702307c236021afcc7.tar.gz ouroboros-78d143e1487ef6212bda84702307c236021afcc7.zip |
ipcpd: Filter traffic on shim-eth-llc
Now correctly handles and drops non-ouroboros traffic.
-rw-r--r-- | src/ipcpd/shim-eth-llc/main.c | 34 | ||||
-rw-r--r-- | src/tools/oping/oping_client.c | 1 | ||||
-rw-r--r-- | src/tools/oping/oping_server.c | 3 |
3 files changed, 31 insertions, 7 deletions
diff --git a/src/ipcpd/shim-eth-llc/main.c b/src/ipcpd/shim-eth-llc/main.c index 03e8beb1..c5e6d74d 100644 --- a/src/ipcpd/shim-eth-llc/main.c +++ b/src/ipcpd/shim-eth-llc/main.c @@ -520,9 +520,9 @@ static void * eth_llc_ipcp_sdu_reader(void * o) #else if (memcmp(eth_llc_data.device.sll_addr, #endif - &llc_frame->dst_hwaddr, + llc_frame->dst_hwaddr, MAC_SIZE) && - memcmp(br_addr, &llc_frame->dst_hwaddr, MAC_SIZE)) { + memcmp(br_addr, llc_frame->dst_hwaddr, MAC_SIZE)) { #if defined(PACKET_RX_RING) && defined(PACKET_TX_RING) offset = (offset + 1) & (SHM_BUFFER_SIZE - 1); header->tp_status = TP_STATUS_KERNEL; @@ -530,12 +530,22 @@ static void * eth_llc_ipcp_sdu_reader(void * o) continue; } + memcpy(&length, &llc_frame->length, sizeof(length)); + length = ntohs(length); + + if (length > 0x05FF) { /* DIX */ +#if defined(PACKET_RX_RING) && defined(PACKET_TX_RING) + offset = (offset + 1) & (SHM_BUFFER_SIZE -1); + header->tp_status = TP_STATUS_KERNEL; +#endif + continue; + } + + length -= LLC_HEADER_SIZE; + dsap = reverse_bits(llc_frame->dsap); ssap = reverse_bits(llc_frame->ssap); - memcpy(&length, &llc_frame->length, sizeof(length)); - length = ntohs(length) - LLC_HEADER_SIZE; - if (ssap == MGMT_SAP && dsap == MGMT_SAP) { eth_llc_ipcp_mgmt_frame(&llc_frame->payload, length, @@ -553,9 +563,21 @@ static void * eth_llc_ipcp_sdu_reader(void * o) continue; } + if (eth_llc_data.fd_to_ef[fd].r_sap != ssap + || memcmp(eth_llc_data.fd_to_ef[fd].r_addr, + llc_frame->src_hwaddr, MAC_SIZE)) { + pthread_rwlock_unlock(ð_llc_data.flows_lock); +#if defined(PACKET_RX_RING) && defined(PACKET_TX_RING) + offset = (offset + 1) & (SHM_BUFFER_SIZE -1); + header->tp_status = TP_STATUS_KERNEL; +#endif + continue; + } + pthread_rwlock_unlock(ð_llc_data.flows_lock); flow_write(fd, &llc_frame->payload, length); + } #if defined(PACKET_RX_RING) && defined(PACKET_TX_RING) offset = (offset + 1) & (SHM_BUFFER_SIZE -1); @@ -705,7 +727,7 @@ static int eth_llc_ipcp_bootstrap(struct dif_config * conf) device.sdl_alen = MAC_SIZE; /* TODO: replace socket calls with bpf for BSD */ LOG_MISSING; - fd = socket(AF_LINK, SOCK_RAW, 0); + skfd = socket(AF_LINK, SOCK_RAW, 0); #else device.sll_ifindex = idx; device.sll_family = AF_PACKET; diff --git a/src/tools/oping/oping_client.c b/src/tools/oping/oping_client.c index 47b40118..8b4e0fc2 100644 --- a/src/tools/oping/oping_client.c +++ b/src/tools/oping/oping_client.c @@ -138,6 +138,7 @@ void * writer(void * o) while (client.sent < client.count) { nanosleep(&wait, NULL); + msg->type = htonl(ECHO_REQUEST); msg->id = htonl(client.sent); if (flow_write(*fdp, buf, client.size) == -1) { printf("Failed to send SDU.\n"); diff --git a/src/tools/oping/oping_server.c b/src/tools/oping/oping_server.c index 9c7b1be7..0ba47174 100644 --- a/src/tools/oping/oping_server.c +++ b/src/tools/oping/oping_server.c @@ -83,7 +83,8 @@ void * server_thread(void *o) continue; if (ntohl(msg->type) != ECHO_REQUEST) { - printf("Invalid message received.\n"); + printf("Invalid message on fd %d: type %d, len = %d.\n", + fd, ntohl(msg->type), msg_len); continue; } |