| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
select() doesn't support file descriptors greater than 1023. If the
program has many files open, the socket descriptor can be > 1023 and
then FD_SET(fd, &rfds) causes a buffer overflow.
Switch to poll() and ppoll() which don't have this limitation.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
|
|
|
|
|
|
|
|
| |
libndp should be thread safe. There is really no need to use a
static buffer in this case.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libndp should be thread safe. That doesn't mean, that one "struct ndp"
can be used by multiple threads without locking. But it should be
reasonably possible to use the library in a multi threaded scenario.
Some API functions return values that are cached in static variables.
That makes these function (and the entire library) not thread safe.
Fix that by using gcc's __thread specifier for thread local storage.
This is also supported by clang.
Currently, it's not clear whether all compiler that libndp supports,
support this. I expect that to be the case. Hence, the NDP_THREAD define
does not try to workaround such (yet unknown) build environments. However,
if the need arises, we can easily extend the NDP_THREAD define with some
conditional compilation.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add -D dest option, with this option a user could set the dest
address in IPv6 header for solicited NS/NA message
For function ndp_msg_addrto_adjust_solicit_multi(), I moved the check
in ndp_msg_target_set() instead of in the function itself.
I also use reverse christmas tree variable order in the main() function
of ndptool.c.
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
| |
When setting the target address of nd_msg, I set the ns/na type reversed.
Fixes: acccd780df517 ("ndptool: add -T target support")
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
| |
Fixes: acccd780df517 ("ndptool: add -T target support")
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently ndptool can send a Neighbour Solicitation, but does not target
an IP address, so the NS packet doesn't really make sense.
Extend ndptool to target a destination for Neighbour Solicitation.
v2:
1) remove function ipv6_addr_is_multicast()
2) inline some help functions.
3) update code style.
4) rename parameter -d/--dest to -T/--target
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
| |
Use setsockopt() to set a filter on the socket and accept only
Neighbor discover packets. This avoids wasting processing power on
frames we're not interested in.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
| |
In a following commit ndp_sock_open() will refer to
ndp_msg_type_info_list to add a filter on handled ICMP types. Move the
open and close functions below in a dedicated section.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
|
| |
RFC4861 suggests that these messages should only originate from
link-local addresses in 6.1.2 (RA) and 8.1. (redirect):
Mitigates CVE-2016-3698.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
None of the NDP messages should ever come from a non-local network; as
stated in RFC4861's 6.1.1 (RS), 6.1.2 (RA), 7.1.1 (NS), 7.1.2 (NA),
and 8.1. (redirect):
- The IP Hop Limit field has a value of 255, i.e., the packet
could not possibly have been forwarded by a router.
This fixes CVE-2016-3698.
Reported by: Julien BERNARD <julien.bernard@viagenie.ca>
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
| |
Fixes: cb1ab5fc8b ("libndp: add option flags to send messages")
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, compilation fails since commit cb1ab5fc8b:
libndp.c: In function ‘ndp_msgna_flag_router’:
libndp.c:992:18: error: ‘struct nd_neighbor_solicit’ has no member named ‘nd_na_hdr’
return msgna->na->nd_na_flags_reserved & ND_NA_FLAG_ROUTER;
Fixes: dfed476eee ("lib: setup first pointer in all type-specific structures at once")
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Within NA and RA message types, there are flags such as Solicited and Override
(RFC-4861 Section 4). RA flags are currently implemented but not NA flags, so
add remaining NA flag getters/setters.
Set Solicited/Override flag on NA when appropriate, add a flags interface to
the send API, and implement ability to send Unsolicited NA.
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
|
|
|
|
|
|
|
| |
The buf array would overflow when processing a malformed DNSSL option
containing a domain name whose labels' combined length exceeded 255 bytes.
To facilitate the bounds checking, the code has been restructured slightly
to be simpler and avoid repeated calls to strlen and strcat.
Signed-off-by: Andrew Ayer <agwa@andrewayer.name>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
parameter and destination in s[n]printf()
cppcheck --enable=all --inconclusive --std=posix .
ndp_msg_opt_dnssl_domain():
if (dom_len > len)
return NULL;
if (strlen(buf))
----> sprintf(buf, "%s.", buf);
buf[strlen(buf) + dom_len] = '\0';
memcpy(buf + strlen(buf), ptr, dom_len);
So just use strcat instead.
Reported-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
|
|
| |
as RFC 2461 requires.
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|
|
|
|
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
|