From: Michal Sekletar Date: Mon, 7 Jul 2014 12:15:41 +0000 (+0200) Subject: dhcp-network: ignore IP packets with More Fragments (MF) flag set X-Git-Tag: v216~737 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=b064329fd80b8d0fe2e46c561f92886090fa20d1 dhcp-network: ignore IP packets with More Fragments (MF) flag set We already ignore IP fragments, because we expect that Fragment offset (FO) field is not set. However first fragment in a fragmented IP flow will have all zeroes in FO field. We should ignore such packet as well, thus we need to look at MF flag in the IP header. Checking MF flag will filter out all except last packet in fragmented flows. Last one will be ruled out by next check for value of FO. --- diff --git a/src/libsystemd-network/dhcp-network.c b/src/libsystemd-network/dhcp-network.c index f119cae7f..17020b0a0 100644 --- a/src/libsystemd-network/dhcp-network.c +++ b/src/libsystemd-network/dhcp-network.c @@ -41,6 +41,10 @@ int dhcp_network_bind_raw_socket(int index, union sockaddr_union *link, BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.protocol)), /* A <- IP protocol */ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 1, 0), /* IP protocol == UDP ? */ BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */ + BPF_STMT(BPF_LD + BPF_B + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags */ + BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x20), /* A <- A & 0x20 (More Fragments bit) */ + BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */ + BPF_STMT(BPF_RET + BPF_K, 0), /* ignore */ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, offsetof(DHCPPacket, ip.frag_off)), /* A <- Flags + Fragment offset */ BPF_STMT(BPF_ALU + BPF_AND + BPF_K, 0x1fff), /* A <- A & 0x1fff */ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0), /* A == 0 ? */