| 1 | From 4dabd94d598dd893aaaffbd71c315923c8827a14 Mon Sep 17 00:00:00 2001 |
| 2 | From: Nick Hainke <vincent@systemli.org> |
| 3 | Date: Wed, 22 Jun 2022 14:08:04 +0200 |
| 4 | Subject: [PATCH] olsrd: prevent storm patches |
| 5 | |
| 6 | As described in the PR: |
| 7 | |
| 8 | Limit the positive sequence number difference which is considered valid, |
| 9 | and prevent network storms. |
| 10 | Source: https://github.com/aredn/aredn_packages/pull/5 |
| 11 | |
| 12 | Signed-off-by: Nick Hainke <vincent@systemli.org> |
| 13 | --- |
| 14 | src/duplicate_set.c | 16 ++++++++-------- |
| 15 | src/duplicate_set.h | 5 +++-- |
| 16 | 2 files changed, 11 insertions(+), 10 deletions(-) |
| 17 | |
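--- a/src/duplicate_set.c
+++ b/src/duplicate_set.c
@@ -70,7 +70,7 @@ void olsr_cleanup_duplicates(union olsr_
 
 entry = (struct dup_entry *)olsrd_avl_find(&duplicate_set, orig);
 if (entry != NULL) {
- entry->too_low_counter = DUP_MAX_TOO_LOW - 2;
+ entry->out_of_bounds_counter = DUP_MAX_OUT_OF_BOUNDS - 2;
 }
 }
 
@@ -82,7 +82,7 @@ olsr_create_duplicate_entry(void *ip, ui
 if (entry != NULL) {
 memcpy(&entry->ip, ip, olsr_cnf->ip_version == AF_INET ? sizeof(entry->ip.v4) : sizeof(entry->ip.v6));
 entry->seqnr = seqnr;
- entry->too_low_counter = 0;
+ entry->out_of_bounds_counter = 0;
 entry->olsrd_avl.key = &entry->ip;
 entry->array = 0;
 }
@@ -160,12 +160,12 @@ olsr_message_is_duplicate(union olsr_mes
 }
 
 diff = olsr_seqno_diff(seqnr, entry->seqnr);
- if (diff < -31) {
- entry->too_low_counter++;
+ if (diff < -31 || diff > DUP_SEQNR_DIFF_HIGH_LIMIT) {
+ entry->out_of_bounds_counter++;
 
- // client did restart with a lower number ?
- if (entry->too_low_counter > DUP_MAX_TOO_LOW) {
- entry->too_low_counter = 0;
+ // client did restart with a too low or too high number ?
+ if (entry->out_of_bounds_counter > DUP_MAX_OUT_OF_BOUNDS) {
+ entry->out_of_bounds_counter = 0;
 entry->seqnr = seqnr;
 entry->array = 1;
 return false; /* start with a new sequence number, so NO duplicate */
@@ -174,7 +174,7 @@ olsr_message_is_duplicate(union olsr_mes
 return true; /* duplicate ! */
 }
 
- entry->out_of_bounds_counter = 0;
+ entry->out_of_bounds_counter = 0;
 if (diff <= 0) {
 uint32_t bitmask = 1u << ((uint32_t) (-diff));
 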
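Review bot: The re-sync branch in olsr_message_is_duplicate (`entry->seqnr = seqnr; entry->array = 1;`) adopts the sequence number of whichever message pushes `out_of_bounds_counter` past `DUP_MAX_OUT_OF_BOUNDS`, and nothing in the hunk checks that the preceding out-of-window messages carried numbers close to it. The sequence number presumably comes from the received message and should be treated as untrusted, so the counter only shows that several consecutive messages fell outside the window, not that the originator really restarted. That deserves a comment at the check, for example `/* out-of-window seqnr is dropped as a duplicate; the window is re-based only after more than DUP_MAX_OUT_OF_BOUNDS consecutive such messages */`. The bare `-31` would also read better as a named lower limit next to `DUP_SEQNR_DIFF_HIGH_LIMIT`. The function starts and ends outside the hunk, so how an accepted `diff > 0` is applied afterwards is not visible here.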
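--- a/src/duplicate_set.h
+++ b/src/duplicate_set.h
@@ -54,13 +54,14 @@
 #define DUPLICATE_CLEANUP_INTERVAL 15000
 #define DUPLICATE_CLEANUP_JITTER 25
 #define DUPLICATE_VTIME 120000
-#define DUP_MAX_TOO_LOW 16
+#define DUP_MAX_OUT_OF_BOUNDS 16
+#define DUP_SEQNR_DIFF_HIGH_LIMIT 0x2000
 
 struct dup_entry {
 struct olsrd_avl_node olsrd_avl;
 union olsr_ip_addr ip;
 uint16_t seqnr;
- uint16_t too_low_counter;
+ uint16_t out_of_bounds_counter;
 uint32_t array;
 uint32_t valid_until;
 };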
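Review bot: `DUP_SEQNR_DIFF_HIGH_LIMIT 0x2000` and `DUP_MAX_OUT_OF_BOUNDS 16` are the two values that decide when a message is dropped and when the duplicate window is re-based, yet neither carries a comment. I would add `/* largest forward seqnr jump accepted without counting the message as out of bounds */` above the limit and `/* consecutive out-of-bounds messages tolerated before re-syncing to the sender's seqnr */` above the counter threshold. The threshold comment should also say the value must stay at least 2, because olsr_cleanup_duplicates in duplicate_set.c presets the `uint16_t` counter to `DUP_MAX_OUT_OF_BOUNDS - 2`, which would wrap for a smaller value.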