olsrd/patches/102-olsrd-prevent-storm-patches.patch

   1 From 4dabd94d598dd893aaaffbd71c315923c8827a14 Mon Sep 17 00:00:00 2001
   2 From: Nick Hainke <vincent@systemli.org>
   3 Date: Wed, 22 Jun 2022 14:08:04 +0200
   4 Subject: [PATCH] olsrd: prevent storm patches
   5
   6 As described in the PR:
   7
   8   Limit the positive sequence number difference which is considered valid,
   9   and prevent network storms.
  10   Source: https://github.com/aredn/aredn_packages/pull/5
  11
  12 Signed-off-by: Nick Hainke <vincent@systemli.org>
  13 ---
  14  src/duplicate_set.c | 16 ++++++++--------
  15  src/duplicate_set.h |  5 +++--
  16  2 files changed, 11 insertions(+), 10 deletions(-)
  17
  18 --- a/src/duplicate_set.c
  19 +++ b/src/duplicate_set.c
  20 @@ -70,7 +70,7 @@ void olsr_cleanup_duplicates(union olsr_
  21
  22    entry = (struct dup_entry *)olsrd_avl_find(&duplicate_set, orig);
  23    if (entry != NULL) {
  24 -    entry->too_low_counter = DUP_MAX_TOO_LOW - 2;
  25 +    entry->out_of_bounds_counter = DUP_MAX_OUT_OF_BOUNDS - 2;
  26    }
  27  }
  28
  29 @@ -82,7 +82,7 @@ olsr_create_duplicate_entry(void *ip, ui
  30    if (entry != NULL) {
  31      memcpy(&entry->ip, ip, olsr_cnf->ip_version == AF_INET ? sizeof(entry->ip.v4) : sizeof(entry->ip.v6));
  32      entry->seqnr = seqnr;
  33 -    entry->too_low_counter = 0;
  34 +    entry->out_of_bounds_counter = 0;
  35      entry->olsrd_avl.key = &entry->ip;
  36      entry->array = 0;
  37    }
  38 @@ -160,12 +160,12 @@ olsr_message_is_duplicate(union olsr_mes
  39    }
  40
  41    diff = olsr_seqno_diff(seqnr, entry->seqnr);
  42 -  if (diff < -31) {
  43 -    entry->too_low_counter++;
  44 +  if (diff < -31 || diff > DUP_SEQNR_DIFF_HIGH_LIMIT) {
  45 +    entry->out_of_bounds_counter++;
  46
  47 -    // client did restart with a lower number ?
  48 -    if (entry->too_low_counter > DUP_MAX_TOO_LOW) {
  49 -      entry->too_low_counter = 0;
  50 +    // client did restart with a too low or too high number ?
  51 +    if (entry->out_of_bounds_counter > DUP_MAX_OUT_OF_BOUNDS) {
  52 +      entry->out_of_bounds_counter = 0;
  53        entry->seqnr = seqnr;
  54        entry->array = 1;
  55        return false;             /* start with a new sequence number, so NO duplicate */
  56 @@ -174,7 +174,7 @@ olsr_message_is_duplicate(union olsr_mes
  57      return true;                /* duplicate ! */
  58    }
  59
  60 -  entry->too_low_counter = 0;
  61 +  entry->out_of_bounds_counter = 0;
  62    if (diff <= 0) {
  63      uint32_t bitmask = 1u << ((uint32_t) (-diff));
  64
  65 --- a/src/duplicate_set.h
  66 +++ b/src/duplicate_set.h
  67 @@ -54,13 +54,14 @@
  68  #define DUPLICATE_CLEANUP_INTERVAL 15000
  69  #define DUPLICATE_CLEANUP_JITTER 25
  70  #define DUPLICATE_VTIME 120000
  71 -#define DUP_MAX_TOO_LOW 16
  72 +#define DUP_MAX_OUT_OF_BOUNDS 16
  73 +#define DUP_SEQNR_DIFF_HIGH_LIMIT 0x2000
  74
  75  struct dup_entry {
  76    struct olsrd_avl_node olsrd_avl;
  77    union olsr_ip_addr ip;
  78    uint16_t seqnr;
  79 -  uint16_t too_low_counter;
  80 +  uint16_t out_of_bounds_counter;
  81    uint32_t array;
  82    uint32_t valid_until;
  83  };