From 79f1094690f18b24b49023c966172ca8f49d27da Mon Sep 17 00:00:00 2001 From: Sven Eckelmann Date: Tue, 12 Jun 2018 22:10:57 +0200 Subject: [PATCH] batman-adv: add patches from 2018.1-maint 2018-06-12 * compat: initialize sinfo in cfg80211_get_station * Avoid storing non-TT-sync flags on singular entries too * Fix multicast TT issues with bogus ROAM flags Signed-off-by: Sven Eckelmann --- batman-adv/Makefile | 2 +- batman-adv/files/compat-hacks.h | 19 ++++++++ ...-storing-non-TT-sync-flags-on-singul.patch | 37 +++++++++++++++ ...ulticast-TT-issues-with-bogus-ROAM-f.patch | 46 +++++++++++++++++++ 4 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 batman-adv/patches/0044-batman-adv-Avoid-storing-non-TT-sync-flags-on-singul.patch create mode 100644 batman-adv/patches/0045-batman-adv-Fix-multicast-TT-issues-with-bogus-ROAM-f.patch diff --git a/batman-adv/Makefile b/batman-adv/Makefile index 0186698..0a63fa8 100644 --- a/batman-adv/Makefile +++ b/batman-adv/Makefile @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=batman-adv PKG_VERSION:=2016.5 -PKG_RELEASE:=8 +PKG_RELEASE:=9 PKG_MD5SUM:=6717a933a08dd2a01b00df30cb9f16a8 PKG_HASH:=d0a0fc90c4f410b57d043215e253bb0b855efa5edbe165d87c17bfdcfafd0db7 diff --git a/batman-adv/files/compat-hacks.h b/batman-adv/files/compat-hacks.h index af91f41..ea7200c 100644 --- a/batman-adv/files/compat-hacks.h +++ b/batman-adv/files/compat-hacks.h @@ -204,3 +204,22 @@ static inline int batadv_nla_put_u64_64bit(struct sk_buff *skb, int attrtype, #define __ro_after_init #endif /* < KERNEL_VERSION(4, 10, 0) */ + + +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 18, 0) + +#include + +/* cfg80211 fix: https://patchwork.kernel.org/patch/10449857/ */ +static inline int batadv_cfg80211_get_station(struct net_device *dev, + const u8 *mac_addr, + struct station_info *sinfo) +{ + memset(sinfo, 0, sizeof(*sinfo)); + return cfg80211_get_station(dev, mac_addr, sinfo); +} + +#define cfg80211_get_station(dev, mac_addr, sinfo) \ + batadv_cfg80211_get_station(dev, mac_addr, sinfo) + +#endif /* < KERNEL_VERSION(4, 18, 0) */ diff --git a/batman-adv/patches/0044-batman-adv-Avoid-storing-non-TT-sync-flags-on-singul.patch b/batman-adv/patches/0044-batman-adv-Avoid-storing-non-TT-sync-flags-on-singul.patch new file mode 100644 index 0000000..d28c4b7 --- /dev/null +++ b/batman-adv/patches/0044-batman-adv-Avoid-storing-non-TT-sync-flags-on-singul.patch @@ -0,0 +1,37 @@ +From: Linus Lüssing +Date: Thu, 7 Jun 2018 00:46:23 +0200 +Subject: [PATCH] batman-adv: Avoid storing non-TT-sync flags on singular entries too + +Since commit 382d020fe3fa ("batman-adv: fix TT sync flag inconsistencies") +TT sync flags and TT non-sync'd flags are supposed to be stored +separately. + +The previous patch missed to apply this separation on a TT entry with +only a single TT orig entry. + +This is a minor fix because with only a single TT orig entry the DDoS +issue the former patch solves does not apply. + +Fixes: 382d020fe3fa ("batman-adv: fix TT sync flag inconsistencies") +Signed-off-by: Linus Lüssing +Signed-off-by: Sven Eckelmann + +Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/beb6246b2339852b6a429ae9259a8eb30a685041 +--- + net/batman-adv/translation-table.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c +index 743963bf39dca73f7554f9f85fffd57fd6a3c963..a8b4d9bcb318656022a30f742ede4f38a646d0d1 100644 +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -1695,7 +1695,8 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv, + ether_addr_copy(common->addr, tt_addr); + common->vid = vid; + +- common->flags = flags; ++ common->flags = flags & (~BATADV_TT_SYNC_MASK); ++ + tt_global_entry->roam_at = 0; + /* node must store current time in case of roaming. This is + * needed to purge this entry out on timeout (if nobody claims diff --git a/batman-adv/patches/0045-batman-adv-Fix-multicast-TT-issues-with-bogus-ROAM-f.patch b/batman-adv/patches/0045-batman-adv-Fix-multicast-TT-issues-with-bogus-ROAM-f.patch new file mode 100644 index 0000000..f4f206f --- /dev/null +++ b/batman-adv/patches/0045-batman-adv-Fix-multicast-TT-issues-with-bogus-ROAM-f.patch @@ -0,0 +1,46 @@ +From: Linus Lüssing +Date: Thu, 7 Jun 2018 00:46:24 +0200 +Subject: [PATCH] batman-adv: Fix multicast TT issues with bogus ROAM flags + +When a (broken) node wrongly sends multicast TT entries with a ROAM +flag then this causes any receiving node to drop all entries for the +same multicast MAC address announced by other nodes, leading to +packet loss. + +Fix this DoS vector by only storing TT sync flags. For multicast TT +non-sync'ing flag bits like ROAM are unused so far anyway. + +Fixes: 405cc1e5a81e ("batman-adv: Modified forwarding behaviour for multicast packets") +Reported-by: Leonardo Mörlein +Signed-off-by: Linus Lüssing +Signed-off-by: Sven Eckelmann + +Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/c7054ffae0c3b08bb4bef3cffee1e0a543e14096 +--- + net/batman-adv/translation-table.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c +index a8b4d9bcb318656022a30f742ede4f38a646d0d1..143a00f90d1d925aad7113f897d06f435f28dcd8 100644 +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -1695,7 +1695,8 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv, + ether_addr_copy(common->addr, tt_addr); + common->vid = vid; + +- common->flags = flags & (~BATADV_TT_SYNC_MASK); ++ if (!is_multicast_ether_addr(common->addr)) ++ common->flags = flags & (~BATADV_TT_SYNC_MASK); + + tt_global_entry->roam_at = 0; + /* node must store current time in case of roaming. This is +@@ -1759,7 +1760,8 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv, + * TT_CLIENT_TEMP, therefore they have to be copied in the + * client entry + */ +- common->flags |= flags & (~BATADV_TT_SYNC_MASK); ++ if (!is_multicast_ether_addr(common->addr)) ++ common->flags |= flags & (~BATADV_TT_SYNC_MASK); + + /* If there is the BATADV_TT_CLIENT_ROAM flag set, there is only + * one originator left in the list and we previously received a