lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20220905203412.1322947-7-miquel.raynal@bootlin.com>
Date:   Mon,  5 Sep 2022 22:34:09 +0200
From:   Miquel Raynal <miquel.raynal@...tlin.com>
To:     Alexander Aring <alex.aring@...il.com>,
        Stefan Schmidt <stefan@...enfreihafen.org>,
        linux-wpan@...r.kernel.org
Cc:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Eric Dumazet <edumazet@...gle.com>, netdev@...r.kernel.org,
        David Girault <david.girault@...vo.com>,
        Romuald Despres <romuald.despres@...vo.com>,
        Frederic Blain <frederic.blain@...vo.com>,
        Nicolas Schodet <nico@...fr.eu.org>,
        Thomas Petazzoni <thomas.petazzoni@...tlin.com>,
        Miquel Raynal <miquel.raynal@...tlin.com>
Subject: [PATCH wpan/next v3 6/9] net: mac802154: Add promiscuous software filtering

Currently, the promiscuous mode was not as open as it should. It was not
a big deal because until now promiscuous modes were only used on monitor
interfaces, which would never go this far in the filtering. But as we
might now use this promiscuous mode with NODEs or COORDs, it becomes
necessary to really forward the packets to the upper layers without
additional filtering when relevant. Let's add the necessary logic to
handle this situation.

Signed-off-by: Miquel Raynal <miquel.raynal@...tlin.com>
---
 net/mac802154/rx.c | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/net/mac802154/rx.c b/net/mac802154/rx.c
index bd1a92fceef7..8a8c5a4a2f28 100644
--- a/net/mac802154/rx.c
+++ b/net/mac802154/rx.c
@@ -196,10 +196,31 @@ __ieee802154_rx_handle_packet(struct ieee802154_local *local,
 	int ret;
 	struct ieee802154_sub_if_data *sdata;
 	struct ieee802154_hdr hdr;
+	struct sk_buff *skb2;
 
+	/* Level 2 filtering: Avoid further processing in IEEE 802.15.4 promiscuous modes */
+	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+		if (!ieee802154_sdata_running(sdata))
+			continue;
+
+		if (sdata->required_filtering < IEEE802154_FILTERING_1_FCS ||
+		    sdata->required_filtering > IEEE802154_FILTERING_2_PROMISCUOUS)
+			continue;
+
+		skb2 = skb_clone(skb, GFP_ATOMIC);
+		if (skb2) {
+			skb2->dev = sdata->dev;
+			ieee802154_deliver_skb(skb2);
+
+			sdata->dev->stats.rx_packets++;
+			sdata->dev->stats.rx_bytes += skb->len;
+		}
+	}
+
+	/* Common filtering between level 3 and 4: frame headers validity */
 	ret = ieee802154_parse_frame_start(skb, &hdr);
 	if (ret) {
-		pr_debug("got invalid frame\n");
+		dev_dbg(&sdata->dev->dev, "invalid frame headers\n");
 		kfree_skb(skb);
 		return;
 	}
@@ -208,7 +229,7 @@ __ieee802154_rx_handle_packet(struct ieee802154_local *local,
 		if (!ieee802154_sdata_running(sdata))
 			continue;
 
-		if (sdata->required_filtering == IEEE802154_FILTERING_NONE)
+		if (sdata->required_filtering <= IEEE802154_FILTERING_2_PROMISCUOUS)
 			continue;
 
 		ieee802154_subif_frame(sdata, skb, &hdr);
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ