Hi!
On Mon, Sep 14, 2015 at 10:28:48AM +0000, Alexander V. Chernikov wrote:
A> Author: melifaro
A> Date: Mon Sep 14 10:28:47 2015
A> New Revision: 287779
A> URL: https://svnweb.freebsd.org/changeset/base/287779
A>
A> Log:
A> * Improve error checking for arp messages.
A> * Clean stale headers from if_ether.c.
A>
A> Reported by: rozhuk.im at gmail.com
A> Reviewed by: ae
It would be nice if arpintr() uses ARP_LOG() as in_arpinput() does.
All these messages can be triggered remotely. Please do this
before merging to a stable branch.
A>
A> Modified:
A> head/sys/netinet/if_ether.c
A>
A> Modified: head/sys/netinet/if_ether.c
A>
==============================================================================
A> --- head/sys/netinet/if_ether.c Mon Sep 14 09:56:01 2015
(r287778)
A> +++ head/sys/netinet/if_ether.c Mon Sep 14 10:28:47 2015
(r287779)
A> @@ -58,7 +58,6 @@ __FBSDID("$FreeBSD$");
A> #include <net/if_dl.h>
A> #include <net/if_types.h>
A> #include <net/netisr.h>
A> -#include <net/if_llc.h>
A> #include <net/ethernet.h>
A> #include <net/route.h>
A> #include <net/vnet.h>
A> @@ -71,9 +70,6 @@ __FBSDID("$FreeBSD$");
A> #include <netinet/ip_carp.h>
A> #endif
A>
A> -#include <net/if_arc.h>
A> -#include <net/iso88025.h>
A> -
A> #include <security/mac/mac_framework.h>
A>
A> #define SIN(s) ((const struct sockaddr_in *)(s))
A> @@ -529,6 +525,8 @@ static void
A> arpintr(struct mbuf *m)
A> {
A> struct arphdr *ar;
A> + char *layer;
A> + int hlen;
A>
A> if (m->m_len < sizeof(struct arphdr) &&
A> ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) {
A> @@ -537,26 +535,56 @@ arpintr(struct mbuf *m)
A> }
A> ar = mtod(m, struct arphdr *);
A>
A> - if (ntohs(ar->ar_hrd) != ARPHRD_ETHER &&
A> - ntohs(ar->ar_hrd) != ARPHRD_IEEE802 &&
A> - ntohs(ar->ar_hrd) != ARPHRD_ARCNET &&
A> - ntohs(ar->ar_hrd) != ARPHRD_IEEE1394 &&
A> - ntohs(ar->ar_hrd) != ARPHRD_INFINIBAND) {
A> - log(LOG_NOTICE, "arp: unknown hardware address format (0x%2D)"
A> - " (from %*D to %*D)\n", (unsigned char *)&ar->ar_hrd, "",
A> - ETHER_ADDR_LEN, (u_char *)ar_sha(ar), ":",
A> - ETHER_ADDR_LEN, (u_char *)ar_tha(ar), ":");
A> + /* Check if length is sufficient */
A> + if ((m = m_pullup(m, arphdr_len(ar))) == NULL) {
A> + log(LOG_NOTICE, "arp: short header received\n");
A> + return;
A> + }
A> + ar = mtod(m, struct arphdr *);
A> +
A> + hlen = 0;
A> + layer = "";
A> + switch (ntohs(ar->ar_hrd)) {
A> + case ARPHRD_ETHER:
A> + hlen = ETHER_ADDR_LEN; /* RFC 826 */
A> + layer = "ethernet";
A> + break;
A> + case ARPHRD_IEEE802:
A> + hlen = 6; /* RFC 1390, FDDI_ADDR_LEN */
A> + layer = "fddi";
A> + break;
A> + case ARPHRD_ARCNET:
A> + hlen = 1; /* RFC 1201, ARC_ADDR_LEN */
A> + layer = "arcnet";
A> + break;
A> + case ARPHRD_INFINIBAND:
A> + hlen = 20; /* RFC 4391, INFINIBAND_ALEN */
A> + layer = "infiniband";
A> + break;
A> + case ARPHRD_IEEE1394:
A> + hlen = 0; /* SHALL be 16 */ /* RFC 2734 */
A> + layer = "firewire";
A> +
A> + /*
A> + * Restrict too long harware addresses.
A> + * Currently we are capable of handling 20-byte
A> + * addresses ( sizeof(lle->ll_addr) )
A> + */
A> + if (ar->ar_hln >= 20)
A> + hlen = 16;
A> + break;
A> + default:
A> + log(LOG_NOTICE, "arp: unknown hardware address format
(0x%2d)\n",
A> + htons(ar->ar_hrd));
A> m_freem(m);
A> return;
A> }
A>
A> - if (m->m_len < arphdr_len(ar)) {
A> - if ((m = m_pullup(m, arphdr_len(ar))) == NULL) {
A> - log(LOG_NOTICE, "arp: runt packet\n");
A> - m_freem(m);
A> - return;
A> - }
A> - ar = mtod(m, struct arphdr *);
A> + if (hlen != 0 && hlen != ar->ar_hln) {
A> + log(LOG_NOTICE, "arp: bad %s header length: %d\n", layer,
A> + ar->ar_hln);
A> + m_freem(m);
A> + return;
A> }
A>
A> ARPSTAT_INC(received);
A> _______________________________________________
A> [email protected] mailing list
A> https://lists.freebsd.org/mailman/listinfo/svn-src-all
A> To unsubscribe, send any mail to "[email protected]"
--
Totus tuus, Glebius.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
