summaryrefslogtreecommitdiff
path: root/src/libsystemd-network
diff options
context:
space:
mode:
authorMichal Sekletar <msekleta@redhat.com>2014-07-07 14:15:41 +0200
committerMichal Sekletar <msekleta@redhat.com>2014-07-07 15:32:12 +0200
commitb064329fd80b8d0fe2e46c561f92886090fa20d1 (patch)
treeb268799731566967c7b5c224f4682a552b810ab2 /src/libsystemd-network
parent418b9be50018303cde79b423d4701b7fd86ddbdc (diff)
dhcp-network: ignore IP packets with More Fragments (MF) flag set
We already ignore IP fragments, because we expect that Fragment offset (FO) field is not set. However first fragment in a fragmented IP flow will have all zeroes in FO field. We should ignore such packet as well, thus we need to look at MF flag in the IP header. Checking MF flag will filter out all except last packet in fragmented flows. Last one will be ruled out by next check for value of FO.
Diffstat (limited to 'src/libsystemd-network')
-rw-r--r--src/libsystemd-network/dhcp-network.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c
index f119cae7ff..17020b0a00 100644
--- a/src/libsystemd-network/dhcp-network.c
+++ b/src/libsystemd-network/dhcp-network.c
@@ -41,6 +41,10 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link,
BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.protocol)), /* A <- IP protocol */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0), /* IP protocol == UDP ? */
BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
+ BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags */
+ BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x20), /* A <- A & 0x20 (More Fragments bit) */
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */
+ BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags + Fragment offset */
BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x1fff), /* A <- A & 0x1fff */
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */