Commit 1c021c5c authored by Mike Hibler's avatar Mike Hibler

Forgot the IPOD patch.

parent 03f78401
#
# Utah kernel modification to allow an authenticated ICMP "Ping Of Death"
# ("ipod") packet. (Yes, we came before that other ipod...) We only define
# this on node kernels and not on the servers.
#
# cd /usr/src
# sudo patch -p0 < patchfile
#
diff -rNu sys.orig/conf/options sys/conf/options
--- sys.orig/conf/options 2017-03-28 17:06:47.354763000 -0600
+++ sys/conf/options 2016-05-27 09:49:40.000000000 -0600
@@ -941,3 +941,6 @@
# Intel em(4) driver
EM_MULTIQUEUE opt_em.h
+
+# Emulab Ping of Death
+ICMP_PINGOFDEATH opt_icmp_pingofdeath.h
diff -rNu sys.orig/netinet/ip_icmp.c sys/netinet/ip_icmp.c
--- sys.orig/netinet/ip_icmp.c 2017-03-28 17:07:36.048265000 -0600
+++ sys/netinet/ip_icmp.c 2016-05-27 10:33:19.000000000 -0600
@@ -155,6 +155,11 @@
static void icmp_reflect(struct mbuf *);
static void icmp_send(struct mbuf *, struct mbuf *);
+#include "opt_icmp_pingofdeath.h"
+#ifdef ICMP_PINGOFDEATH
+static void icmp_pingofdeath(struct icmp *, struct ip *, int);
+#endif
+
extern struct protosw inetsw[];
static int
@@ -661,6 +666,12 @@
pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc);
break;
+#ifdef ICMP_PINGOFDEATH
+ case ICMP_PINGOFDEATH:
+ icmp_pingofdeath(icp, ip, hlen);
+ break;
+#endif
+
/*
* No kernel processing for the following;
* just fall through to send to raw listener.
@@ -1006,3 +1017,114 @@
return 0; /* okay to send packet */
#undef N
}
+
+#ifdef ICMP_PINGOFDEATH
+#include <sys/proc.h>
+#include <sys/sched.h>
+#include <sys/syslog.h>
+
+SYSCTL_NODE(_net_inet_icmp, OID_AUTO, ipod, CTLFLAG_RW, 0,
+ "ICMP Ping of Death");
+
+/* non-virtualized */
+static int ipod_version = 2;
+SYSCTL_INT(_net_inet_icmp_ipod, OID_AUTO, version, CTLFLAG_RD,
+ &ipod_version, 0, "");
+
+static int ipod_enabled = 0;
+SYSCTL_INT(_net_inet_icmp_ipod, OID_AUTO, enabled, CTLFLAG_RW,
+ &ipod_enabled, 0, "");
+
+static unsigned long ipod_host = 0xffffffff;
+SYSCTL_ULONG(_net_inet_icmp_ipod, OID_AUTO, host, CTLFLAG_RW,
+ &ipod_host, 0, "");
+static unsigned long ipod_mask = 0xffffffff;
+SYSCTL_ULONG(_net_inet_icmp_ipod, OID_AUTO, mask, CTLFLAG_RW,
+ &ipod_mask, 0, "");
+
+static char ipod_key[32+1] = { "SETMETOSOMETHINGTHIRTYTWOBYTES!!" };
+#define IPOD_CHECK_KEY \
+ (ipod_key[0] != 0)
+#define IPOD_VALID_KEY(d) \
+ (strncmp(ipod_key, (char *)(d), strlen(ipod_key)) == 0)
+
+static int
+ipod_getkey(SYSCTL_HANDLER_ARGS)
+{
+ int error;
+
+ /* XXX fake up a result */
+ error = SYSCTL_OUT(req, "XXXX", 4+1);
+ if (error || !req->newptr)
+ return (error);
+
+ if ((req->newlen - req->newidx) >= sizeof(ipod_key))
+ return (EINVAL);
+
+ arg2 = (req->newlen - req->newidx);
+ error = SYSCTL_IN(req, ipod_key, arg2);
+ memset(&ipod_key[arg2], 0, sizeof(ipod_key) - arg2);
+
+ return (error);
+}
+
+SYSCTL_PROC(_net_inet_icmp_ipod, OID_AUTO, key, CTLTYPE_STRING | CTLFLAG_RW,
+ NULL, 0, ipod_getkey, "A", "");
+
+static void
+icmp_pingofdeath(icp, ip, hlen)
+ struct icmp *icp;
+ struct ip *ip;
+ int hlen;
+{
+ int doit = 0;
+
+ /*
+ * If IPOD not enabled or wrong ICMP code, ignore.
+ */
+ if (!ipod_enabled || icp->icmp_code != 6)
+ return;
+
+ /*
+ * First check the source address info.
+ * If host not set, ignore.
+ */
+ if (ipod_host != 0xffffffff &&
+ (ntohl(ip->ip_src.s_addr) & ipod_mask) == ipod_host) {
+ /*
+ * Now check the key if enabled.
+ * If packet doesn't contain enough data or key
+ * is otherwise invalid, ignore.
+ */
+ if (IPOD_CHECK_KEY) {
+ if (ntohs(ip->ip_len) >= strlen(ipod_key) &&
+ IPOD_VALID_KEY(icp->icmp_data))
+ doit = 1;
+ } else {
+ doit = 1;
+ }
+ }
+
+ if (doit) {
+ ipod_enabled = 0;
+#if defined(SMP)
+ /*
+ * Bind us to CPU 0 so that all shutdown code runs there. Some
+ * systems don't shutdown properly (i.e., ACPI power off) if we
+ * run on another processor.
+ */
+ thread_lock(curthread);
+ sched_bind(curthread, 0);
+ thread_unlock(curthread);
+#endif
+ splhigh();
+ printf("IPOD: reboot forced by %x...\n",
+ ntohl(ip->ip_src.s_addr));
+ DELAY(1000000);
+ cpu_reset();
+ } else {
+ log(LOG_ERR, "IPOD: from %x rejected\n",
+ ntohl(ip->ip_src.s_addr));
+ }
+}
+#endif
......@@ -52,6 +52,14 @@ E. FreeBSD-10.x-vfs_exports.patch
cd /usr/src
sudo patch -p0 < patchfile
F. FreeBSD-10.3-ipod.patch
Utah kernel modification to allow an authenticated ICMP "Ping Of Death"
("ipod") packet. (Yes, we came before that other ipod...) We only define
this on node kernels and not on the servers.
cd /usr/src
sudo patch -p0 < patchfile
II. Old, irrelevant:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment