From 1cb59d80950297bae580f56daf1391fbf91175dd6a86cdbf1da9fc93c241a6ce Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Wed, 10 Jan 2018 09:59:41 +0000 Subject: [PATCH] Accepting request 563223 from home:BinLiu:branches:network:ha-clustering:Factory - totemudp[u]: Drop truncated packets on receive(bsc#1075300) Added: 0012-totemudp-u-Drop-truncated-packets-on-receive.patch OBS-URL: https://build.opensuse.org/request/show/563223 OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=131 --- ...-u-Drop-truncated-packets-on-receive.patch | 109 ++++++++++++++++++ corosync.changes | 6 + corosync.spec | 2 + 3 files changed, 117 insertions(+) create mode 100644 0012-totemudp-u-Drop-truncated-packets-on-receive.patch diff --git a/0012-totemudp-u-Drop-truncated-packets-on-receive.patch b/0012-totemudp-u-Drop-truncated-packets-on-receive.patch new file mode 100644 index 0000000..5843f52 --- /dev/null +++ b/0012-totemudp-u-Drop-truncated-packets-on-receive.patch @@ -0,0 +1,109 @@ +From 89d36a80a4899cb9536ad22cb16615c9eff043de Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Fri, 5 Jan 2018 16:38:43 +0100 +Subject: [PATCH 1/2] totemudp[u]: Drop truncated packets on receive + +This is backport of part of "totemudpu: Scale receive buffer" patch in +master branch. + +We shouldn't not need to enlarge buffer because maximum number of nodes +for needle is 2 so join message is smaller. + +Signed-off-by: Jan Friesse +Reviewed-by: Christine Caulfield +--- + exec/totemudp.c | 26 ++++++++++++++++++++++++++ + exec/totemudpu.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 52 insertions(+) + +diff --git a/exec/totemudp.c b/exec/totemudp.c +index 2f36b5d9..40e99f93 100644 +--- a/exec/totemudp.c ++++ b/exec/totemudp.c +@@ -452,6 +452,7 @@ static int net_deliver_fn ( + struct sockaddr_storage system_from; + int bytes_received; + int res = 0; ++ int truncated_packet; + + if (instance->flushing == 1) { + iovec = &instance->totemudp_iov_recv_flush; +@@ -489,6 +490,31 @@ static int net_deliver_fn ( + instance->stats_recv += bytes_received; + } + ++ truncated_packet = 0; ++ ++#ifdef HAVE_MSGHDR_FLAGS ++ if (msg_recv.msg_flags & MSG_TRUNC) { ++ truncated_packet = 1; ++ } ++#else ++ /* ++ * We don't have MSGHDR_FLAGS, but we can (hopefully) safely make assumption that ++ * if bytes_received == FRAME_SIZE_MAX then packet is truncated ++ */ ++ if (bytes_received == FRAME_SIZE_MAX) { ++ truncated_packet = 1; ++ } ++#endif ++ ++ if (truncated_packet) { ++ log_printf(instance->totemudp_log_level_error, ++ "Received too big message. This may be because something bad is happening" ++ "on the network (attack?), or you tried join more nodes than corosync is" ++ "compiled with (%u) or bug in the code (bad estimation of " ++ "the FRAME_SIZE_MAX). Dropping packet.", PROCESSOR_COUNT_MAX); ++ return (0); ++ } ++ + /* + * Authenticate and if authenticated, decrypt datagram + */ +diff --git a/exec/totemudpu.c b/exec/totemudpu.c +index 9e076423..569e67a0 100644 +--- a/exec/totemudpu.c ++++ b/exec/totemudpu.c +@@ -446,6 +446,7 @@ static int net_deliver_fn ( + struct sockaddr_storage system_from; + int bytes_received; + int res = 0; ++ int truncated_packet; + + iovec = &instance->totemudpu_iov_recv; + +@@ -479,6 +480,31 @@ static int net_deliver_fn ( + instance->stats_recv += bytes_received; + } + ++ truncated_packet = 0; ++ ++#ifdef HAVE_MSGHDR_FLAGS ++ if (msg_recv.msg_flags & MSG_TRUNC) { ++ truncated_packet = 1; ++ } ++#else ++ /* ++ * We don't have MSGHDR_FLAGS, but we can (hopefully) safely make assumption that ++ * if bytes_received == FRAME_SIZE_MAX then packet is truncated ++ */ ++ if (bytes_received == FRAME_SIZE_MAX) { ++ truncated_packet = 1; ++ } ++#endif ++ ++ if (truncated_packet) { ++ log_printf(instance->totemudpu_log_level_error, ++ "Received too big message. This may be because something bad is happening" ++ "on the network (attack?), or you tried join more nodes than corosync is" ++ "compiled with (%u) or bug in the code (bad estimation of " ++ "the FRAME_SIZE_MAX). Dropping packet.", PROCESSOR_COUNT_MAX); ++ return (0); ++ } ++ + /* + * Authenticate and if authenticated, decrypt datagram + */ +-- +2.13.6 + diff --git a/corosync.changes b/corosync.changes index 2e335bd..ef175a4 100644 --- a/corosync.changes +++ b/corosync.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jan 10 02:36:24 UTC 2018 - bliu@suse.com + +- totemudp[u]: Drop truncated packets on receive(bsc#1075300) + Added: 0012-totemudp-u-Drop-truncated-packets-on-receive.patch + ------------------------------------------------------------------- Thu Jan 4 04:36:41 UTC 2018 - bliu@suse.com diff --git a/corosync.spec b/corosync.spec index b08e967..1206049 100644 --- a/corosync.spec +++ b/corosync.spec @@ -73,6 +73,7 @@ Patch15: 0008-wd-fix-snprintf-warnings.patch Patch16: 0009-add-config-for-corosync-qnetd.patch Patch17: 0010-qdevice-mv-free-str-after-port-validation.patch Patch18: 0011-libcpg-Fix-issue-with-partial-big-packet-assembly.patch +Patch19: 0012-totemudp-u-Drop-truncated-packets-on-receive.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # openais is indeed gone and should be uninstalled. Yes, we do not @@ -156,6 +157,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 %build %if %{with runautogen}