Sven Eckelmann | 26 May 18:34 2015

[PATCH 1/2] batman-adv: Replace C99 int types with kernel type

(s|u)(8|16|32|64) are the preferred types in the kernel. The use of the
standard C99 types u?int(8|16|32|64)_t are objected by some people and even
checkpatch now warns about using them.

Signed-off-by: Sven Eckelmann <sven-KaDOiPu9UxWEi8DpZVb4nw <at> public.gmane.org>
---
 compat-include/linux/kernel.h          |   2 +-
 compat-include/linux/percpu.h          |   2 +-
 net/batman-adv/bat_iv_ogm.c            |  94 +++++++-------
 net/batman-adv/bitarray.c              |   6 +-
 net/batman-adv/bitarray.h              |  10 +-
 net/batman-adv/bridge_loop_avoidance.c |  72 ++++++-----
 net/batman-adv/bridge_loop_avoidance.h |   5 +-
 net/batman-adv/distributed-arp-table.c |  59 +++++----
 net/batman-adv/distributed-arp-table.h |   8 +-
 net/batman-adv/fragmentation.c         |  10 +-
 net/batman-adv/gateway_client.c        |  16 +--
 net/batman-adv/gateway_client.h        |   2 +-
 net/batman-adv/gateway_common.c        |  11 +-
 net/batman-adv/hash.c                  |   6 +-
 net/batman-adv/hash.h                  |  12 +-
 net/batman-adv/icmp_socket.c           |   2 +-
 net/batman-adv/main.c                  |  69 +++++-----
 net/batman-adv/main.h                  |  48 ++++---
 net/batman-adv/multicast.c             |  16 +--
 net/batman-adv/network-coding.c        |  44 ++++---
 net/batman-adv/originator.c            |  15 ++-
 net/batman-adv/originator.h            |  11 +-
 net/batman-adv/packet.h                | 204 +++++++++++++++---------------
 net/batman-adv/routing.c               |  24 ++--
(Continue reading)

Simon Wunderlich | 19 May 15:14 2015
Picon

The Joker attacks

After laying low for quite some time, the Joker finally makes its appearance! 
"The Joker" - a penetration testing and research tool to test security aspects 
of batman-adv networks - was developed by security researchers Pedro Larbig 
and Alexander Oberle at TU Darmstadt (Germany), and we finally got permission 
to release the source code to the public.

The tool currently supports the following tests:

 * Peer/Route flooding: flood fake OGMs
 * Blackhole: announce to neighbors that the best route is via the attacker 
node
 * Loop Forming: create local loops on multi-hop paths
 * Fuzzing: modify packets randomly to create malformed packets

Pedro & Alexander developed the tool in order to facilitate their mesh network 
security research. Their work focuses on B.A.T.M.A.N. Advanced version 
2011.1.0 and concluded that this version was performing pretty well in the 
Peer/Route and fuzzing tests. Albeit not being able to prevent maliciously 
provoked loops/blackholes entirely, B.A.T.M.A.N. Advanced did recover quickly 
when needed, according to their study.

To instigate further interest in mesh network security the 'Joker' code base 
is being published alongside this announcement. Hopefully, the Joker inspires 
security researchers as well as developers to investigate and fix issues in the 
B.A.T.M.A.N. protocol and/or implementation. We will also accept contributions 
for the Joker through the usual channels. Note that the tool does currently 
not work with the more recent versions 2013.4.0 or 2014.4.0 and later - 
patches are welcome.

Happy routing,
(Continue reading)

Ruben Wisniewski | 17 May 11:37 2015
Picon

[PATCH] fix algorithm, which was unintentional changed on update from 2013 to 2014

This patch restores the unintentional change on commit 

http://www.open-mesh.org/projects/batman-adv/repository/revisions/0853ec7fafe0a195754454832993c6b35e22b842/diff/gateway_client.c

Original the algorithm uses kbit for calculation, now the values are
stored as "mbit*10" so we have to multiply it with 100 to restore the old
behavior.

Signed-off-by: Ruben Wisniewsi <ruben@...>
---
 net/batman-adv/gateway_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 1f50661..6f00584 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
 <at>  <at>  -185,7 +185,7  <at>  <at>  batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
 		switch (atomic_read(&bat_priv->gw_sel_class)) {
 		case 1: /* fast connection */
 			tmp_gw_factor = tq_avg * tq_avg;
-			tmp_gw_factor *= gw_node->bandwidth_down;
+			tmp_gw_factor *= gw_node->bandwidth_down * 100;
 			tmp_gw_factor *= 100 * 100;
 			tmp_gw_factor /= gw_divisor;

--

-- 
2.4.0

(Continue reading)

Sven Eckelmann | 17 May 11:29 2015

Re: Patch which fixes a uint32overflow ; fix algorithm which was unintented changed on 2014 update

Please don't drop the mailing list when replying (unless it is actually 
private conversation).

On Sunday 17 May 2015 11:21:10 Ruben Wisniewski wrote:
> > should be included:
> Since the overflow-bug seem to be is since epoch, the patch have to be
> applied to all versions.

I am talking about the part which you described yourself as regression. But I 
agree that the overflow bug is in there since the beginning of the gateway 
code.

> But I think batman-adv 2013.x is that old that
> nobody is using it anymore or kernels with that version. So we just
> have to fix all 2014.x versions.

There is a stable branch for Linux 2.6.32.x. Linux 2.6.32 came out 2009. So it 
is possible that David Miller decides to submit the overflow patch to stable 
for 2.6.32. This is not in our jurisdiction. The same may be the case for the 
regression - but then somebody (David Miller/stable team) must know how severe 
the problem is and when it was introduced.

Kind regards,
	Sven
Ruben Wisniewski | 17 May 11:27 2015
Picon

[PATCH] fixes a uint32 overflow

Signed-off-by: Ruben Wisniewsi <ruben@...>
---
 net/batman-adv/gateway_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index bb01586..1f50661 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
 <at>  <at>  -153,7 +153,7  <at>  <at>  batadv_gw_get_best_gw_node(struct batadv_priv *bat_priv)
 	struct batadv_neigh_node *router;
 	struct batadv_neigh_ifinfo *router_ifinfo;
 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
-	uint32_t max_gw_factor = 0, tmp_gw_factor = 0;
+	uint64_t max_gw_factor = 0, tmp_gw_factor = 0;
 	uint32_t gw_divisor;
 	uint8_t max_tq = 0;
 	uint8_t tq_avg;
--

-- 
2.4.0

Sven Eckelmann | 17 May 11:18 2015

Re: Patch to add mesh_no_rebroadcast

Please don't drop the mailing list when replying (unless it is actually 
private conversation).

On Sunday 17 May 2015 11:12:08 Ruben Wisniewski wrote:
> schrieb Sven Eckelmann <sven@...>:
> > Why are you sending a patch from Linus?
> 
> Because Simon said to me to do so yesterday. :)

See my other mail with a more detailed explanation.

> > And this patch doesn't apply on current master or next.
> 
> We have this patch in our setup and it's applying to 2015.0.

But v2015.0 is not master or next. And since it is a new feature, I would 
guess it should be applied on master.

Kind regards,
	Sven
Linus Lüssing | 17 May 02:22 2015

[PATCHv6 0/3] batman-adv: Unicasting multicast reports to querier-node only

The last round of multicast patches send to the batman-adv mailinglist
to add support for the multicast optimizations in bridged scenarios, too,
unfortunately had one major conceptual flaw: It could lead to packet loss.
It's not sufficient to have the unicasting of reports implemented on
bridge-nodes only. Nodes without bridges need to treat reports the same
way.

The issue is described in detail here:

https://www.open-mesh.org/projects/batman-adv/wiki/Multicast-optimizations-listener-reports

Cheers, Linus

-----

Changelog:
v6:
 * compat: copied copyright headers from original upstream c files
 * compat: unified ordering in compat c files:
   -> copyright header, then includes, then kernel specific functions
v5:
 * Removed RFC tag: Needed exports got merged to net-next and are going to
   be available with Linux 4.2
 * Redid compat solution - now fully backwards compatible down to 2.6.33
v4:
 * excluded bridge part from this patchset, they should
   hopefully be added to net-next soon
 * Added a compat solution (PATCH 3/3)
 * Removed Kconfig-depends as by David's suggestion the needed parsing
   functions for MLD are going to be forced built-ins even if IPv6 is
(Continue reading)

Ruben Wisniewski | 16 May 22:26 2015
Picon

[PATCH] gw-bandwidth: fix potential overflow on very large input values, limit them to 100 GBit/s

Signed-off-by: Ruben Wisniewsi <ruben@...>
---
 net/batman-adv/gateway_common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/batman-adv/gateway_common.c
b/net/batman-adv/gateway_common.c index 39cf44c..6b0f4d3 100644
--- a/net/batman-adv/gateway_common.c
+++ b/net/batman-adv/gateway_common.c
 <at>  <at>  -71,10 +71,16  <at>  <at>  static bool batadv_parse_gw_bandwidth(struct
net_device *net_dev, char *buff, 
 	switch (bw_unit_type) {
 	case BATADV_BW_UNIT_MBIT:
+		/* limit input to 100 GBit/s */
+		if (ldown > 100000) 
+			ldown = 100000
 		*down = ldown * 10;
 		break;
 	case BATADV_BW_UNIT_KBIT:
 	default:
+		/* limit input to 100 GBit/s */
+		if (ldown > 100000000)
+			ldown = 100000000
 		*down = ldown / 100;
 		break;
 	}
--

-- 
2.4.0

(Continue reading)

Ruben Wisniewski | 16 May 22:15 2015
Picon

Patch which fixes a uint32overflow ; fix algorithm which was unintented changed on 2014 update

Changelog

* fix overflow of uint32-value while multiplying
* restore algorithm to origin calculation which expect kbit/s values

Signed-off-by: Ruben Wisniewsi <ruben@...>
---
 net/batman-adv/gateway_client.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/batman-adv/gateway_client.c
b/net/batman-adv/gateway_client.c index bb01586..6f00584 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
 <at>  <at>  -153,7 +153,7  <at>  <at>  batadv_gw_get_best_gw_node(struct batadv_priv
*bat_priv) struct batadv_neigh_node *router;
 	struct batadv_neigh_ifinfo *router_ifinfo;
 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
-	uint32_t max_gw_factor = 0, tmp_gw_factor = 0;
+	uint64_t max_gw_factor = 0, tmp_gw_factor = 0;
 	uint32_t gw_divisor;
 	uint8_t max_tq = 0;
 	uint8_t tq_avg;
 <at>  <at>  -185,7 +185,7  <at>  <at>  batadv_gw_get_best_gw_node(struct batadv_priv
*bat_priv) switch (atomic_read(&bat_priv->gw_sel_class)) {
 		case 1: /* fast connection */
 			tmp_gw_factor = tq_avg * tq_avg;
-			tmp_gw_factor *= gw_node->bandwidth_down;
+			tmp_gw_factor *= gw_node->bandwidth_down * 100;
 			tmp_gw_factor *= 100 * 100;
(Continue reading)

Ruben Wisniewski | 16 May 22:07 2015
Picon

Patch to add mesh_no_rebroadcast


Signed-off-by: Linus Lüssing <linus.luessing@...>
---
 hard-interface.c           |  2 ++
 send.c                     |  4 ++++
 sysfs-class-net-batman-adv | 10 ++++++++
 sysfs.c                    | 59 ++++++++++++++++++++++++++++++++++++++++++++++
 types.h                    |  1 +
 5 files changed, 76 insertions(+)

diff --git a/hard-interface.c b/hard-interface.c
index fbda6b5..3997f9c 100644
--- a/hard-interface.c
+++ b/hard-interface.c
 <at>  <at>  -591,6 +591,8  <at>  <at>  batadv_hardif_add_interface(struct net_device *net_dev)
 	/* extra reference for return */
 	atomic_set(&hard_iface->refcount, 2);

+	atomic_set(&hard_iface->no_rebroadcast, 0);
+
 	batadv_check_known_mac_addr(hard_iface->net_dev);
 	list_add_tail_rcu(&hard_iface->list, &batadv_hardif_list);

diff --git a/send.c b/send.c
index d27161e..4383a66 100644
--- a/send.c
+++ b/send.c
 <at>  <at>  -513,6 +513,10  <at>  <at>  static void batadv_send_outstanding_bcast_packet(struct work_struct *work)
 		if (forw_packet->num_packets >= hard_iface->num_bcasts)
 			continue;
(Continue reading)

Sven Eckelmann | 11 May 21:16 2015

Patches for David Miller/net-next

Hi,

here are the patches which must be submitted (signed/polished/...) to net-
next.

I've also included a bundle to get the same merge in linux-merge.git as I did:

    $ git clone git://git.open-mesh.org/linux-merge.git
    $ cd linux-merge
    $ git remote add net-next \
      git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
    $ git remote add pkg git://git.open-mesh.org/batman-adv.git
    $ git remote update
    $ git bundle unbundle ~/merge_master.bundle refs/heads/merge/master
    $ git merge 685fb7ce925b138c8d53718d8622821eddc0c514
    # NOW PUSH IT

I've only tested it on net-next 3bb45001ac33b4f733e1e8ffb01fb07baccd528c 
("Merge branch 'handle_ing_lightweight'")

Kind regards,
	Sven
# v2 git bundle
-34124bb9bd89b4a4f802b45e9d2858c7625b7703 Merge branch 'next'
-89d7f01ec4e2c4cd6ab603d9d8f4284d9ae32dd7 batman-adv: Kconfig, Add missing DEBUG_FS dependency
685fb7ce925b138c8d53718d8622821eddc0c514 refs/heads/merge/master

PACK
Attachment (to_net-next.tar.xz): application/x-xz-compressed-tar, 29 KiB
(Continue reading)


Gmane