| Commit message | Author | Age | Files | Lines |
| |
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
select() doesn't support file descriptors greater than 1023. If the
program has many files open, the socket descriptor can be > 1023 and
then FD_SET(fd, &rfds) causes a buffer overflow.
Switch to poll() and ppoll() which don't have this limitation.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
libndp should be thread safe. There is really no need to use a
static buffer in this case.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
ndptool is single threaded, so there is no actual problem here.
However, I think it is not best to use static variables, and in
this case it can be easily avoided.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
libndp should be thread safe. That doesn't mean that one "struct ndp"
can be used by multiple threads without locking. But it should be
reasonably possible to use the library in a multi threaded scenario.
Some API functions return values that are cached in static variables.
That makes these functions (and the entire library) not thread safe.
Fix that by using gcc's __thread specifier for thread local storage.
This is also supported by clang.
Currently, it's not clear whether all compilers that libndp supports
support this. I expect that to be the case. Hence, the NDP_THREAD define
does not try to work around such (yet unknown) build environments. However,
if the need arises, we can easily extend the NDP_THREAD define with some
conditional compilation.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
ndptool is single threaded, so this isn't an actual issue. But
it's ugly and unnecessary.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
| |
We use strdup to copy the parameters. As strdup will call malloc to
obtain the memory, we need to free them before exit, or there will be
a memory leak. This was found by covscan.
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
This patch adds the -D dest option; with this option a user could set the dest
address in the IPv6 header for solicited NS/NA messages.
For function ndp_msg_addrto_adjust_solicit_multi(), I moved the check
in ndp_msg_target_set() instead of in the function itself.
I also use reverse christmas tree variable order in the main() function
of ndptool.c.
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
When setting the target address of nd_msg, I set the ns/na type reversed.
Fixes: acccd780df517 ("ndptool: add -T target support")
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Fixes: acccd780df517 ("ndptool: add -T target support")
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
In my last commit acccd780df517 ("ndptool: add -T target support"), after
renaming parameter -d to -T, I forgot to change the name in switch opt.
Fixes: acccd780df517 ("ndptool: add -T target support")
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Currently ndptool can send a Neighbour Solicitation, but does not target
an IP address, so the NS packet doesn't really make sense.
Extend ndptool to target a destination for Neighbour Solicitation.
v2:
1) remove function ipv6_addr_is_multicast()
2) inline some help functions.
3) update code style.
4) rename parameter -d/--dest to -T/--target
Signed-off-by: Hangbin Liu <haliu@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Use setsockopt() to set a filter on the socket and accept only
Neighbor Discovery packets. This avoids wasting processing power on
frames we're not interested in.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
In a following commit ndp_sock_open() will refer to
ndp_msg_type_info_list to add a filter on handled ICMP types. Move the
open and close functions below in a dedicated section.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
FD_ZERO, fd_set, etc are defined within sys/select.h on musl.
Signed-off-by: Kylie McClain <somasis@exherbo.org>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
RFC4861 suggests that these messages should only originate from
link-local addresses in 6.1.2 (RA) and 8.1. (redirect):
Mitigates CVE-2016-3698.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
None of the NDP messages should ever come from a non-local network; as
stated in RFC4861's 6.1.1 (RS), 6.1.2 (RA), 7.1.1 (NS), 7.1.2 (NA),
and 8.1. (redirect):
- The IP Hop Limit field has a value of 255, i.e., the packet
could not possibly have been forwarded by a router.
This fixes CVE-2016-3698.
Reported by: Julien BERNARD <julien.bernard@viagenie.ca>
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Fixes: cb1ab5fc8b ("libndp: add option flags to send messages")
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Otherwise, compilation fails since commit cb1ab5fc8b:
libndp.c: In function ‘ndp_msgna_flag_router’:
libndp.c:992:18: error: ‘struct nd_neighbor_solicit’ has no member named ‘nd_na_hdr’
return msgna->na->nd_na_flags_reserved & ND_NA_FLAG_ROUTER;
Fixes: dfed476eee ("lib: setup first pointer in all type-specific structures at once")
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Use the new flags interface of message sending, implement sending
Unsolicited NA in ndptool. -U was chosen to mirror established
convention of unsolicited ARP in arping.
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Within NA and RA message types, there are flags such as Solicited and Override
(RFC-4861 Section 4). RA flags are currently implemented but not NA flags, so
add remaining NA flag getters/setters.
Set Solicited/Override flag on NA when appropriate, add a flags interface to
the send API, and implement ability to send Unsolicited NA.
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
signalfd() is Linux-specific. Using conventional signal handlers will
allow ndptool to compile on non-Linux systems and old versions of Linux.
Signed-off-by: Andrew Ayer <agwa@andrewayer.name>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
The buf array would overflow when processing a malformed DNSSL option
containing a domain name whose labels' combined length exceeded 255 bytes.
To facilitate the bounds checking, the code has been restructured slightly
to be simpler and avoid repeated calls to strlen and strcat.
Signed-off-by: Andrew Ayer <agwa@andrewayer.name>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
parameter and destination in s[n]printf()
cppcheck --enable=all --inconclusive --std=posix .
ndp_msg_opt_dnssl_domain():
if (dom_len > len)
return NULL;
if (strlen(buf))
----> sprintf(buf, "%s.", buf);
buf[strlen(buf) + dom_len] = '\0';
memcpy(buf + strlen(buf), ptr, dom_len);
So just use strcat instead.
Reported-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
as RFC 2461 requires.
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Yanko Kaneti <yaneti@declera.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
| |
Signed-off-by: Jiri Pirko <jiri@resnulli.us>