fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-12 23:10:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/shared
History
Beniamino Galvani 4588e2e817 n-dhcp4: fix BPF filter endianness issue 
The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".

On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).

On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.

Instead, take the two bytes containing flags and offset:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

and verify that IP_MF and the offset are zero.

Fixes: e43b1791a3 ('Merge commit 'e23b3c9c3ac86b065eef002fa5c4321cc4a87df2' as 'shared/n-dhcp4'')

https://bugzilla.redhat.com/show_bug.cgi?id=1861488
https://github.com/nettools/n-dhcp4/pull/19
(cherry picked from commit 03d38e83e558802a82cb0e4847cb1f1ef75ccd16)
(cherry picked from commit 0024cef238)
(cherry picked from commit 80835f8f89)
2020-08-04 16:29:07 +02:00
..
c-list license: Add license using SPDX identifiers to meson build files 2020-02-17 13:16:57 +01:00
c-rbtree license: Add license using SPDX identifiers to meson build files 2020-02-17 13:16:57 +01:00
c-siphash license: Add license using SPDX identifiers to meson build files 2020-02-17 13:16:57 +01:00
c-stdaux license: Add license using SPDX identifiers to meson build files 2020-02-17 13:16:57 +01:00
n-acd license: Add license using SPDX identifiers to meson build files 2020-02-17 13:16:57 +01:00
n-dhcp4 n-dhcp4: fix BPF filter endianness issue 2020-08-04 16:29:07 +02:00
nm-glib-aux shared: fix string truncation in nm_str_buf_append_printf() 2020-06-21 22:34:49 +02:00
nm-keyfile keyfile: suppress bogus warning about [ethernet-s390-options] setting 2020-05-27 09:44:53 +02:00
nm-libnm-aux clients: in debug builds randomly use sync init of NMClient for testing 2019-12-10 09:17:17 +01:00
nm-libnm-core-aux all: unify format of our Copyright source code comments 2019-10-02 17:03:52 +02:00
nm-libnm-core-intern shared: expose size of nm_ethtool_data array in header 2020-03-06 09:49:32 +01:00
nm-std-aux license: relicense "shared/nm-std-aux/nm-dbus-compat.h" under LGPL-2.1+ 2020-01-14 16:54:43 +01:00
nm-udev-aux shared/udev: don't use GIOChannel to watch plain file descriptor 2020-01-13 15:46:04 +01:00
nm-utils nm-setting-bridge: add 'group-address' bridge option 2020-04-06 09:56:11 +02:00
systemd build: fix redefinition of VALGRIND define in "nm-sd-adapt-shared.h" 2020-05-13 17:24:30 +02:00
meson.build systemd: merge branch systemd into master 2020-04-08 09:08:49 +02:00
nm-default.h libnm: include "nm-libnm-utils.h" by default in libnm sources 2019-10-18 22:09:18 +02:00
nm-meta-setting.c libnm-core,cli: add VRF setting 2020-01-14 09:49:01 +01:00
nm-meta-setting.h libnm-core,cli: add VRF setting 2020-01-14 09:49:01 +01:00
nm-test-libnm-utils.h libnm/tests: extend nmtstc_client_new() to create other GObject types 2020-01-28 10:54:14 +01:00
nm-test-utils-impl.c all: use "int/char" instead of "gint/gchar" typedefs 2020-05-08 12:57:11 +02:00
nm-version-macros.h.in release: bump version to 1.23.0 (development) 2019-11-29 15:46:22 +01:00