fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-12 05:40:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/shared
History
Beniamino Galvani 3c6b14fa0d
n-dhcp4: fix BPF filter endianness issue 
The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".

On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).

On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.

Instead, take the two bytes containing flags and offset:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

and verify that IP_MF and the offset are zero.

Fixes: e43b1791a3 ('Merge commit 'e23b3c9c3ac86b065eef002fa5c4321cc4a87df2' as 'shared/n-dhcp4'')

https://bugzilla.redhat.com/show_bug.cgi?id=1861488
https://github.com/nettools/n-dhcp4/pull/19
(cherry picked from commit 03d38e83e558802a82cb0e4847cb1f1ef75ccd16)
(cherry picked from commit 0024cef238)
(cherry picked from commit 80835f8f89)
(cherry picked from commit 4588e2e817)
(cherry picked from commit 7208f594f6)
2020-09-08 14:57:59 +02:00
..
c-list shared/c-list: reimport 2019-04-14 17:22:04 +02:00
c-rbtree shared/c-rbtree: reimport 2019-04-14 17:23:01 +02:00
c-siphash shared/c-siphash: reimport 2019-04-14 17:23:25 +02:00
c-stdaux shared: patch c-stdaux.h to not include <stdatomic.h> 2019-04-14 17:17:52 +02:00
n-acd n-acd: fix leaking socket handle in n_acd_socket_new() when setsockopt() fails 2019-08-02 11:30:30 +02:00
n-dhcp4 n-dhcp4: fix BPF filter endianness issue 2020-09-08 14:57:59 +02:00
nm-glib-aux all: use wrappers for g_ascii_strtoll(), g_ascii_strtoull(), g_ascii_strtod() 2020-05-02 14:57:53 +02:00
nm-libnm-core-aux all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-libnm-core-intern all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-std-aux all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-udev-aux all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-utils shared/tests: add nmtst_keyfile_get_num_keys() helper 2019-08-27 12:00:55 +02:00
systemd shared: export systemd dns and hostname validation functions 2020-02-10 09:44:01 +01:00
meson.build systemd: merge branch systemd into master 2019-07-26 15:00:08 +02:00
nm-default.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-meta-setting.c libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-meta-setting.h libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-test-libnm-utils.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-test-utils-impl.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-version-macros.h.in all: add 802-1x.optional property 2019-11-06 11:46:04 +01:00