• Linus Lüssing's avatar
    batman-adv: fix TT sync flag inconsistencies · 805596e6
    Linus Lüssing authored
    commit 54e22f26 upstream.
    
    This patch fixes an issue in the translation table code potentially
    leading to a TT Request + Response storm. The issue may occur for nodes
    involving BLA and an inconsistent configuration of the batman-adv AP
    isolation feature. However, since the new multicast optimizations, a
    single, malformed packet may lead to a mesh-wide, persistent
    Denial-of-Service, too.
    
    The issue occurs because nodes are currently OR-ing the TT sync flags of
    all originators announcing a specific MAC address via the
    translation table. When an intermediate node now receives a TT Request
    and wants to answer this on behalf of the destination node, then this
    intermediate node now responds with an altered flag field and broken
    CRC. The next OGM of the real destination will lead to a CRC mismatch
    and triggering a TT Request and Response again.
    
    Furthermore, the OR-ing is currently never undone as long as at least
    one originator announcing the according MAC address remains, leading to
    the potential persistency of this issue.
    
    This patch fixes this issue by storing the flags used in the CRC
    calculation on a a per TT orig entry basis to be able to respond with
    the correct, original flags in an intermediate TT Response for one
    thing. And to be able to correctly unset sync flags once all nodes
    announcing a sync flag vanish for another.
    
    Fixes: e9c00136 ("batman-adv: fix tt_global_entries flags update")
    Signed-off-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
    Acked-by: default avatarAntonio Quartulli <a@unstable.cc>
    [sw: typo in commit message]
    Signed-off-by: default avatarSimon Wunderlich <sw@simonwunderlich.de>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    805596e6
translation-table.c 130 KB