mir/isc-dhcp
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/dhcp synced 2025-09-03 15:56:00 +00:00
Code Issues Releases Wiki Activity

[master] Corrected error in UDP bad packet logging

Browse Source 
Merges in rt36897
This commit is contained in:
Thomas Markwalder
2014-09-08 09:31:32 -04:00
parent 3956569b0d
commit 0ce1aa9445
2 changed files with 38 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
RELNOTES
View File

@@ -54,6 +54,9 @@ by Eric Young (eay@cryptsoft.com).
Changes since 4.3.1 Changes since 4.3.1
- Corrected rate limiting checks for bad packet logging.
[ISC-Bugs #36897]
- Log statements depicting what files will be used by the server now occur - Log statements depicting what files will be used by the server now occur
after the configuration file has been processed. after the configuration file has been processed.
[ISC-Bugs #36671] [ISC-Bugs #36671]

55
common/packet.c
View File

@@ -3,7 +3,7 @@
Packet assembly code, originally contributed by Archie Cobbs. */ Packet assembly code, originally contributed by Archie Cobbs. */
/* /*
* Copyright (c) 2009,2012 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2009,2012,2014 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004,2005,2007 by Internet Systems Consortium, Inc. ("ISC")
* Copyright (c) 1996-2003 by Internet Software Consortium * Copyright (c) 1996-2003 by Internet Software Consortium
* *
@@ -234,12 +234,12 @@ decode_udp_ip_header(struct interface_info *interface,
unsigned char *upp, *endbuf; unsigned char *upp, *endbuf;
u_int32_t ip_len, ulen, pkt_len; u_int32_t ip_len, ulen, pkt_len;
u_int32_t sum, usum; u_int32_t sum, usum;
static int ip_packets_seen; static unsigned int ip_packets_seen = 0;
static int ip_packets_bad_checksum; static unsigned int ip_packets_bad_checksum = 0;
static int udp_packets_seen; static unsigned int udp_packets_seen = 0;
static int udp_packets_bad_checksum; static unsigned int udp_packets_bad_checksum = 0;
static int udp_packets_length_checked; static unsigned int udp_packets_length_checked = 0;
static int udp_packets_length_overflow; static unsigned int udp_packets_length_overflow = 0;
unsigned len; unsigned len;
/* Designate the end of the input buffer for bounds checks. */ /* Designate the end of the input buffer for bounds checks. */
@@ -287,10 +287,10 @@ decode_udp_ip_header(struct interface_info *interface,
udp_packets_length_checked++; udp_packets_length_checked++;
if ((upp + ulen) > endbuf) { if ((upp + ulen) > endbuf) {
udp_packets_length_overflow++; udp_packets_length_overflow++;
if ((udp_packets_length_checked > 4) && if (((udp_packets_length_checked > 4) &&
((udp_packets_length_checked / (udp_packets_length_overflow != 0)) &&
udp_packets_length_overflow) < 2)) { ((udp_packets_length_checked / udp_packets_length_overflow) < 2)) {
log_info("%d udp packets in %d too long - dropped", log_info("%u udp packets in %u too long - dropped",
udp_packets_length_overflow, udp_packets_length_overflow,
udp_packets_length_checked); udp_packets_length_checked);
udp_packets_length_overflow = 0; udp_packets_length_overflow = 0;
@@ -299,22 +299,31 @@ decode_udp_ip_header(struct interface_info *interface,
return -1; return -1;
} }
if ((ulen < sizeof(udp)) || ((upp + ulen) > endbuf)) /* If at least 5 with less than 50% bad, start over */
return -1; if (udp_packets_length_checked > 4) {
udp_packets_length_overflow = 0;
udp_packets_length_checked = 0;
}
/* Check the IP header checksum - it should be zero. */ /* Check the IP header checksum - it should be zero. */
++ip_packets_seen; ip_packets_seen++;
if (wrapsum (checksum (buf + bufix, ip_len, 0))) { if (wrapsum (checksum (buf + bufix, ip_len, 0))) {
++ip_packets_bad_checksum; ++ip_packets_bad_checksum;
if (ip_packets_seen > 4 && if (((ip_packets_seen > 4) && (ip_packets_bad_checksum != 0)) &&
(ip_packets_seen / ip_packets_bad_checksum) < 2) { ((ip_packets_seen / ip_packets_bad_checksum) < 2)) {
log_info ("%d bad IP checksums seen in %d packets", log_info ("%u bad IP checksums seen in %u packets",
ip_packets_bad_checksum, ip_packets_seen); ip_packets_bad_checksum, ip_packets_seen);
ip_packets_seen = ip_packets_bad_checksum = 0; ip_packets_seen = ip_packets_bad_checksum = 0;
} }
return -1; return -1;
} }
/* If at least 5 with less than 50% bad, start over */
if (ip_packets_seen > 4) {
ip_packets_bad_checksum = 0;
ip_packets_seen = 0;
}
/* Copy out the IP source address... */ /* Copy out the IP source address... */
memcpy(&from->sin_addr, &ip.ip_src, 4); memcpy(&from->sin_addr, &ip.ip_src, 4);
@@ -339,15 +348,21 @@ decode_udp_ip_header(struct interface_info *interface,
udp_packets_seen++; udp_packets_seen++;
if (usum && usum != sum) { if (usum && usum != sum) {
udp_packets_bad_checksum++; udp_packets_bad_checksum++;
if (udp_packets_seen > 4 && if (((udp_packets_seen > 4) && (udp_packets_bad_checksum != 0)) &&
(udp_packets_seen / udp_packets_bad_checksum) < 2) { ((udp_packets_seen / udp_packets_bad_checksum) < 2)) {
log_info ("%d bad udp checksums in %d packets", log_info ("%u bad udp checksums in %u packets",
udp_packets_bad_checksum, udp_packets_seen); udp_packets_bad_checksum, udp_packets_seen);
udp_packets_seen = udp_packets_bad_checksum = 0; udp_packets_seen = udp_packets_bad_checksum = 0;
} }
return -1; return -1;
} }
/* If at least 5 with less than 50% bad, start over */
if (udp_packets_seen > 4) {
udp_packets_bad_checksum = 0;
udp_packets_seen = 0;
}
/* Copy out the port... */ /* Copy out the port... */
memcpy (&from -> sin_port, &udp.uh_sport, sizeof udp.uh_sport); memcpy (&from -> sin_port, &udp.uh_sport, sizeof udp.uh_sport);