diff options
author | Michal Sekletar <msekleta@redhat.com> | 2014-07-07 14:15:41 +0200 |
---|---|---|
committer | Michal Sekletar <msekleta@redhat.com> | 2014-07-07 15:32:12 +0200 |
commit | b064329fd80b8d0fe2e46c561f92886090fa20d1 (patch) | |
tree | b268799731566967c7b5c224f4682a552b810ab2 /src/libsystemd-network/dhcp-network.c | |
parent | 418b9be50018303cde79b423d4701b7fd86ddbdc (diff) |
dhcp-network: ignore IP packets with More Fragments (MF) flag set
We already ignore IP fragments, because we expect that Fragment
offset (FO) field is not set. However first fragment in a fragmented IP
flow will have all zeroes in FO field. We should ignore such packet as
well, thus we need to look at MF flag in the IP header. Checking MF flag
will filter out all except last packet in fragmented flows. Last one
will be ruled out by next check for value of FO.
Diffstat (limited to 'src/libsystemd-network/dhcp-network.c')
-rw-r--r-- | src/libsystemd-network/dhcp-network.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c index f119cae7ff..17020b0a00 100644 --- a/src/libsystemd-network/dhcp-network.c +++ b/src/libsystemd-network/dhcp-network.c @@ -41,6 +41,10 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link, BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.protocol)), /* A <- IP protocol */ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0), /* IP protocol == UDP ? */ BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */ + BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags */ + BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x20), /* A <- A & 0x20 (More Fragments bit) */ + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */ + BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags + Fragment offset */ BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x1fff), /* A <- A & 0x1fff */ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */ |