[systemd-commits] 2 commits - src/libsystemd-network
Michal Sekletar
msekleta at kemper.freedesktop.org
Mon Jul 7 07:00:09 PDT 2014
src/libsystemd-network/dhcp-network.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
New commits:
commit ffc90a11962274ac597b7838f31a4aff0362aa46
Author: Michal Sekletar <msekleta at redhat.com>
Date: Mon Jul 7 15:27:24 2014 +0200
dhcp-network: make clear that we are ANDing Fragment offset field with mask
Reading BPF assembly written as C macros is inherently difficult. Don't
make it harder than necessary and provide clearer explanation in the
comment.
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index 17020b0..16411cc 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -46,7 +46,7 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link,
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */
BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags + Fragment offset */
- BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x1fff), /* A <- A & 0x1fff */
+ BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x1fff), /* A <- A & 0x1fff (Fragment offset) */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */
BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, udp.dest)), /* A <- UDP destination port */
commit b064329fd80b8d0fe2e46c561f92886090fa20d1
Author: Michal Sekletar <msekleta at redhat.com>
Date: Mon Jul 7 14:15:41 2014 +0200
dhcp-network: ignore IP packets with More Fragments (MF) flag set
We already ignore IP fragments, because we expect that Fragment
offset (FO) field is not set. However first fragment in a fragmented IP
flow will have all zeroes in FO field. We should ignore such packet as
well, thus we need to look at MF flag in the IP header. Checking MF flag
will filter out all except last packet in fragmented flows. Last one
will be ruled out by next check for value of FO.
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index f119cae..17020b0 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -41,6 +41,10 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link,
BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.protocol)), /* A <- IP protocol */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0), /* IP protocol == UDP ? */
BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
+ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags */
+ BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x20), /* A <- A & 0x20 (More Fragments bit) */
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */
+ BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags + Fragment offset */
BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x1fff), /* A <- A & 0x1fff */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */
More information about the systemd-commits
mailing list