When there is a peer speaking PTPv1 in the network we want to silently ignore
the packets instead of flooding system log with error messages. At the same
time we still want to report malformed packets. For that we reuse standard
error numbers and do more fine-grained error reporting in packet processing
routines.
Signed-off-by: Libor Pechacek <lpechacek@suse.cz>
The 'struct ptp_message" includes a 64 bit integer field, ts.pdu.sec,
and this must be aligned to an eight byte boundary for armv5 machines.
Although the compiler puts the field at the right offset, we spoil this
by packing the struct with 20 bytes of head room. This patch fixes the
issue by realigning the message buffer.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
These flexible TLVs don't need to be represented as a single packed
struct directly in the message buffer. Instead a separate struct
contains pointers to the individual parts of the TLV in the message
buffer. The flexible TLV can only be the last TLV in a message.
Signed-off-by: Geoff Salmon <gsalmon@se-instruments.com>
The function, tlv_post_recv, and the functions it calls don't check
the length of the tlv before flipping the byte order of fields. An
attacker (or a really buggy client) can craft a message causing the
byte order of data outside the received message to be flipped.
None of the supported tlvs are large enough to flip bytes outside the
ptp_message struct, which could corrupt the heap. However, it's easy
to mess up the message's refcnt field, leading to memory leaks.
The fix is to check that the tlv length is what is expected when
receiving, and tlv_post_recv needs to return an int to signal when a
tlv is invalid.
Signed-off-by: Geoff Salmon <gsalmon@se-instruments.com>
The message code is horribly broken in three ways.
1. Clearing the message also sets the reference count to zero.
2. The recycling code in msg_put does not test the reference count.
3. The allocation code does not remove the message from the pool,
although this code was never reached because of point 2.
This patch fixes the issues and also adds some debugging code to trace
the message pool statistics.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
This patch is in preparation for handling the suffix TLV data. We will
need to use the structure size more than once.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Libor Pechacek
Richard Cochran
Geoff Salmon