PERFORCE change 101395 for review
Clément Lecigne
clem1 at FreeBSD.org
Wed Jul 12 16:18:40 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=101395
Change 101395 by clem1 at clem1_ipv6vulns on 2006/07/12 16:18:23
syslog DAD messages and print if the node claims to be a router or not.
Affected files ...
.. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/db.c#2 edit
.. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/ndpwatch.c#2 edit
.. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.c#2 edit
.. //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.h#2 edit
Differences ...
==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/db.c#2 (text+ko) ====
@@ -90,7 +90,7 @@
register u_int len;
u_char *e2;
time_t t2;
-
+
/* Lookup ipv6 address */
ap = ainfo_find(a);
@@ -99,7 +99,7 @@
ep = ap->elist[0];
if (MEMCMP(e, ep->e, 6) == 0) {
if (t - ep->t > NEWACTIVITY_DELTA) {
- report("new activity", a, e, NULL, &t, &ep->t);
+ report("new activity", a, e, NULL, r, &t, &ep->t);
}
ep->t = t;
return (1);
@@ -110,7 +110,7 @@
if (ap->ecount == 0) {
ap->ecount = 1;
ap->elist[0] = elist_alloc(a, e, t, h);
- report("new station", a, e, NULL, &t, NULL);
+ report("new station", a, e, NULL, r, &t, NULL);
return (1);
}
@@ -134,7 +134,7 @@
/* New ether address */
e2 = ap->elist[0]->e;
t2 = ap->elist[0]->t;
- report("changed ethernet address", a, e, e2, &t, &t2);
+ report("changed ethernet address", a, e, e2, r, &t, &t2);
/* Make room at head of list */
alist_alloc(ap);
len = ap->ecount * sizeof(ap->elist[0]);
==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/ndpwatch.c#2 (text+ko) ====
@@ -239,6 +239,15 @@
ndp = (struct ndp_header *)(pk + ph->len - NDP_S - NDP_OPT_S);
opt = (struct ndp_option *)(pk + ph->len - NDP_OPT_S);
+ /* is it a DAD message ? */
+ if (IN6_IS_ADDR_UNSPECIFIED(&ip6->src) && ndp->type == 135)
+ {
+ syslog(LOG_NOTICE, "Duplicated address detection asked for "
+ "%s from %s\n", inet_ntop(AF_INET6, &ndp->target, ip,
+ INET6_ADDRSTRLEN), e2str(opt->mac));
+ return;
+ }
+
if (!sanity_icmp6(ndp, opt))
{
/* syslog has been filled */
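Review bot: The added DAD branch reads `ndp->type`, `ndp->target` and `opt->mac` before `sanity_icmp6(ndp, opt)` has run, so every value in the log line comes from an unvalidated packet. A solicitation sent from the unspecified address must not carry a source link-layer address option (RFC 2461/4861 section 4.3), so `opt->mac` is presumably not a real option here and the logged MAC may be arbitrary trailing bytes. Logging the frame's Ethernet source address would be more reliable, if it is available at this point. Since any on-link host can send these packets, consider moving the branch after the sanity check (if that check accepts DAD solicitations) and replacing the literal `135` with `ND_NEIGHBOR_SOLICIT` from `<netinet/icmp6.h>`. The enclosing function starts and ends outside the hunk, so any length check on `ph->len` is not visible.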
@@ -254,7 +263,7 @@
return;
}
t = ph->ts.tv_sec;
- if (!ent_add(&ndp->target, opt->mac, ndp->reserved >> 31, t, NULL))
+ if (!ent_add(&ndp->target, opt->mac, ndp->reserved >> 7, t, NULL))
{
syslog(LOG_ERR, "ent_addr(%s, %s, ...) failed\n",
inet_ntop(AF_INET6, &ndp->target, ip, INET6_ADDRSTRLEN),
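Review bot: `ndp->reserved >> 7` is passed to `ent_add` without a mask, so if `reserved` is wider than one byte the result still holds sender-controlled reserved bits and can be non-zero when the R flag is clear. The shift also assumes a byte order: with a 32-bit field read straight from the wire, bit 7 is the R flag only on little-endian hosts. Assuming a 32-bit field, `(ntohl(ndp->reserved) >> 31) & 1` yields the flag on any host; if the field is a single byte, `(ndp->reserved >> 7) & 1` is enough. The definition of `struct ndp_header` is outside the hunk, so the field width needs confirming.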
==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.c#2 (text+ko) ====
@@ -220,7 +220,8 @@
void
report(register char *title, struct in6_addr *a, register u_char *e1,
- register u_char *e2, register time_t *t1p, register time_t *t2p)
+ register u_char *e2, register u_int8_t r, register time_t *t1p,
+ register time_t *t2p)
{
register char *cp;
register int fd, pid;
@@ -293,6 +294,7 @@
(void)fprintf(f, fmt, "ip address", inet_ntop(AF_INET6, a, ip,
INET6_ADDRSTRLEN));
(void)fprintf(f, fmt, "ethernet address", e2str(e1));
+ (void)fprintf(f, fmt, "router", (r) ? "YES" : "no");
if (e2) (void)fprintf(f, fmt, "old ethernet address", e2str(e2));
if (t1p)
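Review bot: The new `router` line prints the flag as if it were a fact, but `r` appears to come straight from the received packet (`ndp->reserved` in ndpwatch.c) and is whatever the sender set. A label such as `"claims router"` would match the commit description and keep a reader of the report from treating it as verified. The new `r` parameter also deserves a comment at the definition, e.g. `/* r: non-zero if the node set the router flag in its advertisement */`. The body of `report` continues outside the hunk, so the label width that `fmt` allows is not visible.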
==== //depot/projects/soc2006/clem1_ipv6vulns/preventing-tools/ndpwatch/report.h#2 (text+ko) ====
@@ -1,2 +1,2 @@
-void report(char *, struct in6_addr *, u_char *, u_char *, time_t *, time_t *);
+void report(char *, struct in6_addr *, u_char *, u_char *, u_int8_t r, time_t *, time_t *);