From 5608430139e413326fb6bc5761efa3642bfc496c Mon Sep 17 00:00:00 2001 From: Kusakabe Si Date: Fri, 10 Dec 2021 17:35:44 +0000 Subject: [PATCH] Check packetsize before process to fix out of range --- device/device.go | 1 + device/receive.go | 26 +++++++++++++------- device/receivesendproc.go | 23 ++++++++--------- device/send.go | 2 +- example_config/super_mode/EgNet_edge001.yaml | 4 +-- example_config/super_mode/EgNet_edge002.yaml | 4 +-- example_config/super_mode/EgNet_edge100.yaml | 4 +-- go.mod | 2 +- go.sum | 4 +-- main_super.go | 8 +++--- mtypes/config.go | 2 +- mtypes/functions.go | 7 ++++++ path/header.go | 7 +++--- tap/tap_linux.go | 2 +- tap/tap_vpp.go | 2 +- 15 files changed, 58 insertions(+), 40 deletions(-) diff --git a/device/device.go b/device/device.go index 742c32a..15e5529 100644 --- a/device/device.go +++ b/device/device.go @@ -356,6 +356,7 @@ func NewDevice(tapDevice tap.Device, id mtypes.Vertex, bind conn.Bind, logger *L device.SuperConfigPath = configpath device.SuperConfig = sconfig device.EdgeConfig = &mtypes.EdgeConfig{} + device.EdgeConfig.Interface.MTU = 1416 device.Chan_server_pong = superevents.Event_server_pong device.Chan_server_register = superevents.Event_server_register device.LogLevel = sconfig.LogLevel diff --git a/device/receive.go b/device/receive.go index dcf1e27..f459145 100644 --- a/device/receive.go +++ b/device/receive.go @@ -7,6 +7,7 @@ package device import ( "bytes" + "encoding/base64" "encoding/binary" "errors" "fmt" @@ -427,6 +428,7 @@ func (peer *Peer) RoutineSequentialReceiver() { should_process := false should_receive := false should_transfer := false + packetlan := 0 currentTime := time.Now() storeTime := currentTime.Add(time.Second) if currentTime.After((*peer.LastPacketReceivedAdd1Sec.Load().(*time.Time))) { 
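Review bot: The literal `1416` assigned to `device.EdgeConfig.Interface.MTU` in the supernode branch of NewDevice is an unexplained magic number, and the same value is repeated in the four `path.NewEgHeader(..., 1416)` calls in main_super.go. A single named constant with a comment saying how the value was derived, for example `const DefaultMTU = 1416 // TODO: document how this value is derived`, would keep the two files in step. NewDevice starts and ends outside this hunk.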
@@ -463,24 +465,30 @@ func (peer *Peer) RoutineSequentialReceiver() { device.log.Errorf("Invalid EgHeader from peer %v", peer) goto skip } - EgHeader, _ = path.NewEgHeader(elem.packet[0:path.EgHeaderLen]) // EG header + EgHeader, _ = path.NewEgHeader(elem.packet[0:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) // EG header src_nodeID = EgHeader.GetSrc() dst_nodeID = EgHeader.GetDst() - elem.packet = elem.packet[:EgHeader.GetPacketLength()+path.EgHeaderLen] // EG header + true packet packet_type = elem.Type + packetlan = int(EgHeader.GetPacketLength() + path.EgHeaderLen) + if packetlan >= len(elem.packet) { + device.log.Errorf("received invalid packet content: %v S:%v D:%v From:%v IP:%v", base64.StdEncoding.EncodeToString([]byte(elem.packet)), src_nodeID.ToString(), dst_nodeID.ToString(), peer.ID.ToString(), peer.endpoint.DstToString()) + goto skip + } + elem.packet = elem.packet[:packetlan] // EG header + true packet + if device.IsSuperNode { if packet_type.IsControl_Edge2Super() { should_process = true } else { - device.log.Errorf("received unsupported packet_type %v from %v %v", packet_type, src_nodeID, peer.endpoint.DstToString()) + device.log.Errorf("received unsupported packet_type %v S:%v From:%v IP:%v", packet_type, src_nodeID, peer.ID.ToString(), peer.endpoint.DstToString()) goto skip } switch dst_nodeID { case mtypes.NodeID_SuperNode: should_process = true default: - device.log.Errorf("received invalid dst_nodeID %v from %v %v", dst_nodeID, src_nodeID, peer.endpoint.DstToString()) + device.log.Errorf("received invalid dst_nodeID: %v S:%v From:%v IP:%v", dst_nodeID, src_nodeID, peer.ID.ToString(), peer.endpoint.DstToString()) goto skip } } else { 
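Review bot: The new bound check in RoutineSequentialReceiver can still be bypassed, because `EgHeader.GetPacketLength() + path.EgHeaderLen` is evaluated in uint16 before the `int(...)` conversion (assuming `EgHeaderLen` is an untyped constant, as its use in `len(packet)-path.EgHeaderLen` elsewhere in this patch suggests). A declared length near 65535 wraps to a value smaller than the header, passes `packetlan >= len(elem.packet)`, and leaves `elem.packet` shorter than `path.EgHeaderLen` for the later `elem.packet[path.EgHeaderLen:]` slices. Converting first, `packetlan = int(EgHeader.GetPacketLength()) + path.EgHeaderLen`, removes the wrap. The `>=` also rejects a packet whose declared length exactly fills the buffer, so `if packetlan > len(elem.packet) {` looks like the intended test unless trailing padding is guaranteed. The error line base64-encodes the whole rejected packet, so the sending peer decides how large each log entry is; logging `packetlan` and `len(elem.packet)` would be enough. The function body continues outside the hunk.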
@@ -515,7 +523,7 @@ func (peer *Peer) RoutineSequentialReceiver() { } } else { - device.log.Errorf("received ServerUpdate packet from non supernode %v %v", src_nodeID, peer.endpoint.DstToString()) + device.log.Errorf("received ServerUpdate packet from non supernode S:%v From:%v IP:%v", src_nodeID, peer.ID.ToString(), peer.endpoint.DstToString()) goto skip } } @@ -530,7 +538,7 @@ func (peer *Peer) RoutineSequentialReceiver() { should_transfer = true } else { if device.LogLevel.LogTransit { - fmt.Printf("Transit: Duplicate packet received from %d through %d , src_nodeID = %d . Dropped.\n", peer.ID, device.ID, src_nodeID) + fmt.Printf("Transit: Duplicate packet dropped. From:%v Me:%v To:%v S:%v D:%v\n", peer.ID, device.ID, peer_out.ID, src_nodeID.ToString(), dst_nodeID.ToString()) } goto skip } @@ -569,7 +577,7 @@ func (peer *Peer) RoutineSequentialReceiver() { peer_out = device.peers.IDMap[next_id] device.peers.RUnlock() if device.LogLevel.LogTransit { - fmt.Printf("Transit: Transfer packet from %d through %d to %d\n", peer.ID, device.ID, peer_out.ID) + fmt.Printf("Transit: Transfer From:%v Me:%v To:%v S:%v D:%v\n", peer.ID, device.ID, peer_out.ID, src_nodeID.ToString(), dst_nodeID.ToString()) } go device.SendPacket(peer_out, elem.Type, elem.packet, MessageTransportOffsetContent) } @@ -581,7 +589,7 @@ func (peer *Peer) RoutineSequentialReceiver() { if packet_type != path.NormalPacket { if device.LogLevel.LogControl { if peer.GetEndpointDstStr() != "" { - fmt.Printf("Control: Received S:%v D:%v %v From:%v\n", src_nodeID.ToString(), dst_nodeID.ToString(), device.sprint_received(packet_type, elem.packet[path.EgHeaderLen:]), peer.ID.ToString()) + fmt.Printf("Control: Recv %v S:%v D:%v From:%v IP:%v\n", device.sprint_received(packet_type, elem.packet[path.EgHeaderLen:]), src_nodeID.ToString(), dst_nodeID.ToString(), peer.ID.ToString(), peer.GetEndpointDstStr()) } } err = device.process_received(packet_type, peer, elem.packet[path.EgHeaderLen:]) 
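Review bot: The rewritten duplicate-packet message in the `@@ -530` hunk reads `peer_out.ID`, but in the visible code `peer_out` is only assigned by `peer_out = device.peers.IDMap[next_id]` in the later transfer branch, so on this path it may still be nil and the Printf would panic whenever `LogTransit` is on. This patch also switches `LogTransit` on in the three example configs, which makes the path easy to reach. Dropping the `To:%v` field here, `fmt.Printf("Transit: Duplicate packet dropped. From:%v Me:%v S:%v D:%v\n", peer.ID, device.ID, src_nodeID.ToString(), dst_nodeID.ToString())`, avoids the dereference. The declaration of `peer_out` is outside the hunk, so confirm its initial value.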
@@ -599,7 +607,7 @@ func (peer *Peer) RoutineSequentialReceiver() { } if device.LogLevel.LogNormal { packet_len := len(elem.packet) - path.EgHeaderLen - fmt.Println("Normal: Reveived Normal packet From:" + peer.GetEndpointDstStr() + " SrcID:" + src_nodeID.ToString() + " DstID:" + dst_nodeID.ToString() + " Len:" + strconv.Itoa(packet_len)) + fmt.Println("Normal: Recv Normal packet From:" + peer.GetEndpointDstStr() + " SrcID:" + src_nodeID.ToString() + " DstID:" + dst_nodeID.ToString() + " Len:" + strconv.Itoa(packet_len)) packet := gopacket.NewPacket(elem.packet[path.EgHeaderLen:], layers.LayerTypeEthernet, gopacket.Default) fmt.Println(packet.Dump()) } diff --git a/device/receivesendproc.go b/device/receivesendproc.go index 4589410..8a6ffbe 100644 --- a/device/receivesendproc.go +++ b/device/receivesendproc.go 
@@ -36,27 +36,28 @@ func (device *Device) SendPacket(peer *Peer, usage path.Usage, packet []byte, of } if usage == path.NormalPacket && len(packet)-path.EgHeaderLen <= 12 { if device.LogLevel.LogNormal { - fmt.Println("Normal: Invalid packet: Ethernet packet too small") + fmt.Printf("Normal: Send Len:%v Invalid packet: Ethernet packet too small\n", len(packet)) } return } if device.LogLevel.LogNormal { - EgHeader, _ := path.NewEgHeader(packet[:path.EgHeaderLen]) + EgHeader, _ := path.NewEgHeader(packet[:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) if usage == path.NormalPacket && EgHeader.GetSrc() == device.ID { dst_nodeID := EgHeader.GetDst() packet_len := len(packet) - path.EgHeaderLen - fmt.Println("Normal: Send Normal packet To:" + peer.GetEndpointDstStr() + " SrcID:" + device.ID.ToString() + " DstID:" + dst_nodeID.ToString() + " Len:" + strconv.Itoa(packet_len)) + fmt.Printf("Normal: Send Len%v S:%v D:%v To:%v IP:%v:\n", packet_len, device.ID.ToString(), dst_nodeID.ToString(), peer.ID.ToString(), peer.GetEndpointDstStr()) packet := gopacket.NewPacket(packet[path.EgHeaderLen:], layers.LayerTypeEthernet, gopacket.Default) fmt.Println(packet.Dump()) } } if device.LogLevel.LogControl { - EgHeader, _ := path.NewEgHeader(packet[:path.EgHeaderLen]) + EgHeader, _ := path.NewEgHeader(packet[:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) if usage != path.NormalPacket { if peer.GetEndpointDstStr() != "" { + src_nodeID := EgHeader.GetSrc() dst_nodeID := EgHeader.GetDst() - fmt.Printf("Control: Send D:%v %v To:%v\n", dst_nodeID.ToString(), device.sprint_received(usage, packet[path.EgHeaderLen:]), peer.GetEndpointDstStr()) + fmt.Printf("Control: Send %v S:%v D:%v To:%v IP:%v\n", device.sprint_received(usage, packet[path.EgHeaderLen:]), src_nodeID.ToString(), dst_nodeID.ToString(), peer.ID.ToString(), peer.GetEndpointDstStr()) } } } 
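Review bot: The new LogNormal format string in SendPacket, `"Normal: Send Len%v S:%v D:%v To:%v IP:%v:\n"`, is missing the colon after `Len` and ends with a stray `:`, so it does not match the `Len:%v` form used a few lines above. `fmt.Printf("Normal: Send Len:%v S:%v D:%v To:%v IP:%v\n", ...)` keeps the log lines uniform for searching. Both logging branches also discard the error from `path.NewEgHeader` with `_` and parse the same header twice when LogNormal and LogControl are both enabled; parsing once before the two `if` blocks and checking `err` would be cleaner. SendPacket starts and ends outside this hunk.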
@@ -246,7 +247,7 @@ func (device *Device) GeneratePingPacket(src_nodeID mtypes.Vertex, request_reply return nil, path.PingPacket, err } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[0:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[0:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) if err != nil { return nil, path.PingPacket, err } @@ -305,7 +306,7 @@ func (device *Device) server_process_RegisterMsg(peer *Peer, content mtypes.Regi return err } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) header.SetSrc(device.ID) header.SetTTL(0) header.SetPacketLength(uint16(len(body))) @@ -348,7 +349,7 @@ func (device *Device) process_ping(peer *Peer, content mtypes.PingMsg) error { return err } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) header.SetSrc(device.ID) header.SetTTL(device.EdgeConfig.DefaultTTL) header.SetPacketLength(uint16(len(body))) @@ -379,7 +380,7 @@ func (device *Device) process_pong(peer *Peer, content mtypes.PongMsg) error { return err } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) header.SetSrc(device.ID) header.SetTTL(device.EdgeConfig.DefaultTTL) header.SetPacketLength(uint16(len(body))) 
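Review bot: In GeneratePingPacket the error from `path.NewEgHeader` is discarded with `_`, so the `if err != nil` that follows re-tests the `err` left over from the earlier call (apparently already handled by the `return nil, path.PingPacket, err` just above) and can never catch a header failure. `header, err := path.NewEgHeader(buf[0:path.EgHeaderLen], device.EdgeConfig.Interface.MTU)` would make that check meaningful. The other call sites changed in this file drop the error in the same way, and server_process_RegisterMsg, process_ping and process_pong then narrow `len(body)` to uint16 in `SetPacketLength` without comparing it to the MTU they now pass in.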
@@ -702,7 +703,7 @@ func (device *Device) process_RequestPeerMsg(content mtypes.QueryPeerMsg) error continue } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[0:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[0:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) header.SetDst(mtypes.NodeID_AllPeer) header.SetTTL(device.EdgeConfig.DefaultTTL) header.SetSrc(device.ID) @@ -874,7 +875,7 @@ func (device *Device) RoutineRegister(startchan chan struct{}) { HttpPostCount: device.HttpPostCount, }) buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[0:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[0:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) header.SetDst(mtypes.NodeID_SuperNode) header.SetTTL(0) header.SetSrc(device.ID) diff --git a/device/send.go b/device/send.go index 0705036..d04b71f 100644 --- a/device/send.go +++ b/device/send.go @@ -251,7 +251,7 @@ func (device *Device) RoutineReadFromTUN() { //add custom header dst_node, src_node, ttl size += path.EgHeaderLen elem.packet = elem.buffer[offset : offset+size] - EgBody, _ := path.NewEgHeader(elem.packet[0:path.EgHeaderLen]) + EgBody, _ := path.NewEgHeader(elem.packet[0:path.EgHeaderLen], device.EdgeConfig.Interface.MTU) dst_nodeID := EgBody.GetDst() dstMacAddr := tap.GetDstMacAddr(elem.packet[path.EgHeaderLen:]) // lookup peer diff --git a/example_config/super_mode/EgNet_edge001.yaml b/example_config/super_mode/EgNet_edge001.yaml index 4188b7e..b6c28f8 100644 --- a/example_config/super_mode/EgNet_edge001.yaml +++ b/example_config/super_mode/EgNet_edge001.yaml @@ -20,8 +20,8 @@ PrivKey: 12CRJpzWOTRQDOdtROtwwWb68B4HHjSbrS1WySAkWYI= ListenPort: 0 LogLevel: LogLevel: error - LogTransit: false - LogNormal: false + LogTransit: true + LogNormal: true LogControl: true LogInternal: true LogNTP: true diff --git a/example_config/super_mode/EgNet_edge002.yaml b/example_config/super_mode/EgNet_edge002.yaml index adab6ae..775cece 100644 
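Review bot: Setting `LogNormal: true` in EgNet_edge001.yaml makes every node that copies this example print a full `packet.Dump()` of each tunnelled frame (see the LogNormal branches in device/receive.go and device/receivesendproc.go in this patch), which exposes user traffic in logs and adds per-packet cost. The same change is made in EgNet_edge002.yaml and EgNet_edge100.yaml. If this was enabled while debugging the out-of-range fix, restore `LogTransit: false` and `LogNormal: false` before merging, or add a comment such as `# debug only: dumps every frame to stdout`.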
--- a/example_config/super_mode/EgNet_edge002.yaml +++ b/example_config/super_mode/EgNet_edge002.yaml @@ -20,8 +20,8 @@ PrivKey: 2swvwMtyuOKd2HsrfSY1eEYKRjhS4dCr2Cwtj9or0us= ListenPort: 0 LogLevel: LogLevel: error - LogTransit: false - LogNormal: false + LogTransit: true + LogNormal: true LogControl: true LogInternal: true LogNTP: true diff --git a/example_config/super_mode/EgNet_edge100.yaml b/example_config/super_mode/EgNet_edge100.yaml index affb6b0..978602d 100644 --- a/example_config/super_mode/EgNet_edge100.yaml +++ b/example_config/super_mode/EgNet_edge100.yaml @@ -20,8 +20,8 @@ PrivKey: iquaLyD+YLzW3zvI0JGSed9GfDqHYMh/vUaU0PYVAbQ= ListenPort: 0 LogLevel: LogLevel: error - LogTransit: false - LogNormal: false + LogTransit: true + LogNormal: true LogControl: true LogInternal: true LogNTP: true diff --git a/go.mod b/go.mod index 79b9e07..9aa2db5 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.17 require ( git.fd.io/govpp.git v0.3.6-0.20210927044411-385ccc0d8ba9 git.fd.io/govpp.git/extras v0.0.0-20211129071605-0a0c03d45954 - github.com/KusakabeSi/go-cache v0.0.0-20210823132304-22b5b1d22b41 + github.com/KusakabeSi/go-cache v0.0.0-20211210164531-8ee1215c700a github.com/beevik/ntp v0.3.0 github.com/golang-jwt/jwt v3.2.2+incompatible github.com/google/gopacket v1.1.19 diff --git a/go.sum b/go.sum index e5f5a40..f0a7ff7 100644 --- a/go.sum +++ b/go.sum 
@@ -2,8 +2,8 @@ git.fd.io/govpp.git v0.3.6-0.20210927044411-385ccc0d8ba9 h1:QFHVGWCWf6e226vMy1zU git.fd.io/govpp.git v0.3.6-0.20210927044411-385ccc0d8ba9/go.mod h1:OCVd4W8SH+666KRQoMj6PM+oipLDZAHhqMz9B1TGbgI= git.fd.io/govpp.git/extras v0.0.0-20211129071605-0a0c03d45954 h1:F4tLgA7dY1lY1GQ6D7dMiLie39FV6QXinM7BU9cRENY= git.fd.io/govpp.git/extras v0.0.0-20211129071605-0a0c03d45954/go.mod h1:GhryuN3x7qZ/wYLlEiPUVi6glJvh5S5V6E+XASV4774= -github.com/KusakabeSi/go-cache v0.0.0-20210823132304-22b5b1d22b41 h1:o6o1+n8vqD/Qsxw26x7aLH6QQzPGGmQdKQqQRpkA/ac= -github.com/KusakabeSi/go-cache v0.0.0-20210823132304-22b5b1d22b41/go.mod h1:u+fcGXuY9eUnv1Lw58RgBJcfNxv8rT2jHNI3tdDUHp0= +github.com/KusakabeSi/go-cache v0.0.0-20211210164531-8ee1215c700a h1:5OUSCHnmA6F0QtzSl8Am/QDBI9d16pidq6SbHiPO69U= +github.com/KusakabeSi/go-cache v0.0.0-20211210164531-8ee1215c700a/go.mod h1:u+fcGXuY9eUnv1Lw58RgBJcfNxv8rT2jHNI3tdDUHp0= github.com/beevik/ntp v0.3.0 h1:xzVrPrE4ziasFXgBVBZJDP0Wg/KpMwk2KHJ4Ba8GrDw= github.com/beevik/ntp v0.3.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg= github.com/bennyscetbun/jsongo v1.1.0/go.mod h1:suxbVmjBV8+A2BBAM5EYVh6Uj8j3rqJhzWf3hv7Ff8U= diff --git a/main_super.go b/main_super.go index a723bf7..5711bdb 100644 --- a/main_super.go +++ b/main_super.go @@ -333,7 +333,7 @@ func super_peerdel_notify(toDelete mtypes.Vertex, PubKey string) { for i := 0; i < 10; i++ { body, _ := mtypes.GetByte(&ServerUpdateMsg) buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], 1416) header.SetSrc(mtypes.NodeID_SuperNode) header.SetTTL(0) header.SetPacketLength(uint16(len(body))) 
@@ -464,7 +464,7 @@ func PushNhTable(force bool) { return } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], 1416) header.SetDst(mtypes.NodeID_SuperNode) header.SetPacketLength(uint16(len(body))) header.SetSrc(mtypes.NodeID_SuperNode) @@ -499,7 +499,7 @@ func PushPeerinfo(force bool) { return } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], 1416) header.SetDst(mtypes.NodeID_SuperNode) header.SetPacketLength(uint16(len(body))) header.SetSrc(mtypes.NodeID_SuperNode) @@ -541,7 +541,7 @@ func PushServerParams(force bool) { return } buf := make([]byte, path.EgHeaderLen+len(body)) - header, _ := path.NewEgHeader(buf[:path.EgHeaderLen]) + header, _ := path.NewEgHeader(buf[:path.EgHeaderLen], 1416) header.SetDst(mtypes.NodeID_SuperNode) header.SetPacketLength(uint16(len(body))) header.SetSrc(mtypes.NodeID_SuperNode) diff --git a/mtypes/config.go b/mtypes/config.go index e2ab4ef..c208f0c 100644 --- a/mtypes/config.go +++ b/mtypes/config.go @@ -73,7 +73,7 @@ type InterfaceConf struct { IPv4CIDR string `yaml:"IPv4CIDR"` IPv6CIDR string `yaml:"IPv6CIDR"` IPv6LLPrefix string `yaml:"IPv6LLPrefix"` - MTU int `yaml:"MTU"` + MTU uint16 `yaml:"MTU"` RecvAddr string `yaml:"RecvAddr"` SendAddr string `yaml:"SendAddr"` L2HeaderMode string `yaml:"L2HeaderMode"` diff --git a/mtypes/functions.go b/mtypes/functions.go index 7171f00..1e1d4a8 100644 --- a/mtypes/functions.go +++ b/mtypes/functions.go @@ -93,3 +93,10 @@ func ReadYaml(filePath string, out interface{}) (err error) { err = yaml.Unmarshal(yamlFile, out) return } + +func AbsInt(a int) int { + if a < 0 { + a *= -1 + } + return a +} diff --git a/path/header.go b/path/header.go index 926a54a..46b4d3e 100644 --- a/path/header.go +++ b/path/header.go 
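Review bot: `AbsInt` in mtypes/functions.go is added without a doc comment and has no caller in this patch. For the minimum int value `a *= -1` overflows and the result stays negative, which callers relying on a non-negative result should know. Suggested comment: `// AbsInt returns the absolute value of a; for the minimum int the result is still negative.`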
@@ -90,7 +90,7 @@ func (v Usage) IsControl_Edge2Edge() bool { } } -func NewEgHeader(pac []byte) (e EgHeader, err error) { +func NewEgHeader(pac []byte, mtu uint16) (e EgHeader, err error) { if len(pac) != EgHeaderLen { err = errors.New("invalid packet size") return @@ -120,8 +120,9 @@ func (e EgHeader) SetTTL(ttl uint8) { e.buf[4] = ttl } -func (e EgHeader) GetPacketLength() uint16 { - return binary.BigEndian.Uint16(e.buf[5:7]) +func (e EgHeader) GetPacketLength() (ret uint16) { + ret = binary.BigEndian.Uint16(e.buf[5:7]) + return } func (e EgHeader) SetPacketLength(length uint16) { binary.BigEndian.PutUint16(e.buf[5:7], length) diff --git a/tap/tap_linux.go b/tap/tap_linux.go index 29064ca..bd2e854 100644 --- a/tap/tap_linux.go +++ b/tap/tap_linux.go @@ -334,7 +334,7 @@ func getIFIndex(name string) (ret int32, err error) { return *(*int32)(unsafe.Pointer(&ifr[unix.IFNAMSIZ])), nil } -func (tap *NativeTap) setMTU(n int) (err error) { +func (tap *NativeTap) setMTU(n uint16) (err error) { name, err := tap.Name() if err != nil { return err diff --git a/tap/tap_vpp.go b/tap/tap_vpp.go index d070ff4..d82d722 100644 --- a/tap/tap_vpp.go +++ b/tap/tap_vpp.go @@ -133,7 +133,7 @@ func CreateVppTAP(iconfig mtypes.InterfaceConf, NodeID mtypes.Vertex, loglevel s tap := &VppTap{ name: iconfig.Name, - mtu: iconfig.MTU, + mtu: int(iconfig.MTU), ifuid: iconfig.VPPIFaceID, SwIfIndex: 0, memifSockPath: path.Join(vppMemifSocketDir, iconfig.Name+".sock"),
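Review bot: The new `mtu` parameter of `NewEgHeader` in path/header.go is never read in the lines shown, and `GetPacketLength` still returns the raw wire value, so the header type itself enforces no size bound and the only check is the one added in RoutineSequentialReceiver. Either store the value and have the length accessor reject anything above it, or drop the parameter so callers are not led to believe the header is validated against the MTU. The named result in `GetPacketLength` adds nothing over `return binary.BigEndian.Uint16(e.buf[5:7])`. NewEgHeader's body continues outside the hunk; the diffstat lists only seven changed lines for this file, so a use of `mtu` further down is unlikely.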