add self mac check and fix issue in VRF

2022-04-05 23:55:00 +08:00 · 2022-04-05 23:55:00 +08:00 · baeade1857
commit baeade1857
parent 7dca84a6ba
3 changed files with 114 additions and 1 deletions
--- a/bugfix-add-SO_BINDTODEVICE.patch
+++ b/bugfix-add-SO_BINDTODEVICE.patch
@ -0,0 +1,27 @@
+From 03a0daf4b4dc010debf534f28c37cf65e07c1037 Mon Sep 17 00:00:00 2001
+From: gaoxingwang <gaoxingwang@huawei.com>
+Date: Thu, 15 Jul 2021 18:37:32 +0800
+Subject: [PATCH] add SO_BINDTODEVICE
+
+---
+ src/ndisc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/ndisc.c b/src/ndisc.c
+index bfd7cb7..0adedf5 100644
+--- a/src/ndisc.c
+++ b/src/ndisc.c
+@@ -783,6 +783,10 @@ ndisc (const char *name, const char *ifname, unsigned flags, unsigned retry,
+ 	}
+ 
+ 	setsockopt (fd, SOL_SOCKET, SO_DONTROUTE, &(int){ 1 }, sizeof (int));
+    struct ifreq req;
+    memset(&req, 0, sizeof(struct ifreq));
+    strncpy(req.ifr_name, ifname, IFNAMSIZ - 1);
+    setsockopt (fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&req, sizeof(req));
+ 
+ 	/* sets Hop-by-hop limit to 255 */
+ 	sethoplimit (fd, 255);
+-- 
+2.27.0
+
--- a/bugfix-add-self-mac-check.patch
+++ b/bugfix-add-self-mac-check.patch
@ -0,0 +1,77 @@
+From ca9855d18c20c663991740bdfe7f8ab0f35ebccf Mon Sep 17 00:00:00 2001
+From: Aichun Li <liaichun@huawei.com>
+Date: Wed, 23 Dec 2020 22:48:14 +0800
+Subject: [PATCH] add self mac check
+
+Signed-off-by: Aichun Li <liaichun@huawei.com>
+---
+ src/ndisc.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/ndisc.c b/src/ndisc.c
+index 4373a17..bfd7cb7 100644
+--- a/src/ndisc.c
+++ b/src/ndisc.c
+@@ -253,7 +253,7 @@ buildsol (solicit_packet *ns, struct sockaddr_in6 *tgt, const char *ifname)
+ 
+ static int
+ parseadv (const uint8_t *buf, size_t len, const struct sockaddr_in6 *tgt,
+-          bool verbose)
+          bool verbose, const uint8_t *selfmac)
+ {
+ 	const struct nd_neighbor_advert *na =
+ 		(const struct nd_neighbor_advert *)buf;
+@@ -295,6 +295,10 @@ parseadv (const uint8_t *buf, size_t len, const struct sockaddr_in6 *tgt,
+ 		/* Found! displays link-layer address */
+ 		ptr += 2;
+ 		optlen -= 2;
+		/* add self mac check */
+		if (memcmp(ptr, selfmac, optlen) == 0) {
+			return -1;
+		}
+ 		if (verbose)
+ 			fputs (_("Target link-layer address: "), stdout);
+ 
+@@ -498,7 +502,7 @@ parsednssl (const uint8_t *opt)
+ 
+ static int
+ parseadv (const uint8_t *buf, size_t len, const struct sockaddr_in6 *tgt,
+-          bool verbose)
+          bool verbose, const uint8_t *selfmac)
+ {
+ 	const struct nd_router_advert *ra =
+ 		(const struct nd_router_advert *)buf;
+@@ -670,7 +674,7 @@ recvfromLL (int fd, void *buf, size_t len, int flags,
+ 
+ static ssize_t
+ recvadv (int fd, const struct sockaddr_in6 *tgt, unsigned wait_ms,
+-         unsigned flags)
+         unsigned flags, const uint8_t *selfmac)
+ {
+ 	struct timespec end;
+ 	unsigned responses = 0;
+@@ -730,7 +734,7 @@ recvadv (int fd, const struct sockaddr_in6 *tgt, unsigned wait_ms,
+ 		 && (addr.sin6_scope_id != tgt->sin6_scope_id))
+ 			continue;
+ 
+-		if (parseadv (buf.b, val, tgt, (flags & NDISC_VERBOSE) != 0) == 0)
+		if (parseadv (buf.b, val, tgt, (flags & NDISC_VERBOSE) != 0, selfmac) == 0)
+ 		{
+ 			if (flags & NDISC_VERBOSE)
+ 			{
+@@ -824,7 +828,11 @@ ndisc (const char *name, const char *ifname, unsigned flags, unsigned retry,
+ 			retry--;
+ 	
+ 			/* receives an Advertisement */
+-			ssize_t val = recvadv (fd, &tgt, wait_ms, flags);
+#ifndef RDISC
+			ssize_t val = recvadv (fd, &tgt, wait_ms, flags, packet.hw_addr);
+#else
+			ssize_t val = recvadv (fd, &tgt, wait_ms, flags, NULL);
+#endif
+ 			if (val > 0)
+ 			{
+ 				close (fd);
+-- 
+2.19.1
+
--- a/ndisc6.spec
+++ b/ndisc6.spec
@ -1,11 +1,14 @@
 Name:		ndisc6
 Version:	1.0.4
-Release:	2
+Release:	3
 Summary:	IPv6 diagnostic tools
 License:	GPLv2 or GPLv3
 URL:		http://www.remlab.net/ndisc6
 Source0:	http://www.remlab.net/files/ndisc6/%{name}-%{version}.tar.bz2

+Patch0:    	bugfix-add-self-mac-check.patch
+Patch1:    	bugfix-add-SO_BINDTODEVICE.patch
+
 BuildRequires:	gcc perl-generators

 %description
@ -44,6 +47,12 @@ It includes the follwing programs :
 %{_mandir}/man*

 %changelog
+* Tue Apr 5 2022 gaoxingwang <gaoxingwang@huawei.com> - 1.0.4-3
+- Type:bugfix
+- CVE:NA
+- SUG:restart
+- DESC: add self mac check and fix issue in VRF
+
 * Mon Oct 19 2020 orange-snn <songnannan2@huawei.com> - 1.0.4-2
 - change the spec name to ndisc6 from ndisc