[ 3.5.y.z extended stable ] Patch "batman-adv: Fix broadcast packet CRC calculation" has been added to staging queue

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Wed Dec 12 05:10:33 UTC 2012

This is a note to let you know that I have just added a patch titled

    batman-adv: Fix broadcast packet CRC calculation

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:


If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



>From 9388cc97051d93456cd1ea486894d0f00d0f3197 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing at web.de>
Date: Wed, 17 Oct 2012 14:53:04 +0200
Subject: [PATCH] batman-adv: Fix broadcast packet CRC calculation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit 7f112af40fecf5399b61e69ffc6b55a9d82789f7 upstream.

So far the crc16 checksum for a batman-adv broadcast data packet, received
on a batman-adv hard interface, was calculated over zero bytes of its
content leading to many incoming broadcast data packets wrongly being
dropped (60-80% packet loss).

This patch fixes this issue by calculating the crc16 over the actual,
complete broadcast payload.

The issue is a regression introduced by
("batman-adv: add broadcast duplicate check").

Signed-off-by: Linus L├╝ssing <linus.luessing at web.de>
Acked-by: Simon Wunderlich <siwu at hrz.tu-chemnitz.de>
Signed-off-by: Marek Lindner <lindner_marek at yahoo.de>
[ herton: use backported version provided on stable mailing list, but
  drop unrelated comment change ]
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>
 net/batman-adv/bridge_loop_avoidance.c |    8 ++++----
 net/batman-adv/routing.c               |    8 +++++++-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
index c5863f4..2531044 100644
--- a/net/batman-adv/bridge_loop_avoidance.c
+++ b/net/batman-adv/bridge_loop_avoidance.c
@@ -1172,8 +1172,8 @@ int bla_init(struct bat_priv *bat_priv)

  * @bat_priv: the bat priv with all the soft interface information
- * @bcast_packet: originator mac address
- * @hdr_size: maximum length of the frame
+ * @bcast_packet: encapsulated broadcast frame plus batman header
+ * @bcast_packet_len: length of encapsulated broadcast frame plus batman header
  * check if it is on our broadcast list. Another gateway might
  * have sent the same packet because it is connected to the same backbone,
@@ -1188,14 +1188,14 @@ int bla_init(struct bat_priv *bat_priv)

 int bla_check_bcast_duplist(struct bat_priv *bat_priv,
 			    struct bcast_packet *bcast_packet,
-			    int hdr_size)
+			    int bcast_packet_len)
 	int i, length, curr;
 	uint8_t *content;
 	uint16_t crc;
 	struct bcast_duplist_entry *entry;

-	length = hdr_size - sizeof(*bcast_packet);
+	length = bcast_packet_len - sizeof(*bcast_packet);
 	content = (uint8_t *)bcast_packet;
 	content += sizeof(*bcast_packet);

diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 015471d..af40ca3 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -1081,8 +1081,14 @@ int recv_bcast_packet(struct sk_buff *skb, struct hard_iface *recv_if)


+	/* keep skb linear for crc calculation */
+	if (skb_linearize(skb) < 0)
+		goto out;
+	bcast_packet = (struct bcast_packet *)skb->data;
 	/* check whether this has been sent by another originator before */
-	if (bla_check_bcast_duplist(bat_priv, bcast_packet, hdr_size))
+	if (bla_check_bcast_duplist(bat_priv, bcast_packet, skb->len))
 		goto out;

 	/* rebroadcast packet */

More information about the kernel-team mailing list