Open-Mesh

Jan 05, 2015. Today the B.A.T.M.A.N. team releases an updated version of batman-adv: 2014.4.0. This release not only brings bugfixes but also addresses a security flaw which - when exploited - allows to crash a remote system running batman-adv. All batman-adv versions newer than and including version 2014.0.0 are vulnerable. An upgrade is strongly recommended. As the kernel module always depends on the Linux kernel it is compiled against, it does not make sense to provide binaries on our website. As usual, you will find the signed tarballs in our download section:

https://downloads.open-mesh.org/batman/releases/batman-adv-2014.4.0/

as well as prepackaged binaries in your distribution.

Thanks¶

Thanks to all people sending in patches:

• André Gaul <gaul@web-yard.de>
• Antonio Quartulli <antonio@meshcoding.com>
• Jean Sacren <sakiwit@gmail.com>
• Ken Helias <kenhelias@firemail.de>
• Linus Lüssing <linus.luessing@c0d3.blue>
• Martin Hundebøll <martin@hundeboll.net>
• Octavian Purdila <octavian.purdila@intel.com>
• Simon Wunderlich <sw@simonwunderlich.de>
• Sven Eckelmann <sven@narfation.org>
• Tom Gundersen <teg@jklm.no>

and to all those that supported us with good advice or rigorous testing:

• Andrew Lunn <andrew@lunn.ch>

batman-adv¶

The security vulnerability described in CVE-2014-9428 (malformed batman-adv fragmentation packets can lead to a kernel crash) was discovered and fixed with this release. Another batman-adv fragmentation improvement allows fragments to arrive out-of-order instead of getting dropped, thus forcing a retransmission. The default hop penalty was increased to 30 to better support dual band setups in which a low hop penalty leads to excessively long paths. Also addressed was the miscounting of multicast recipients (with multicast optimizations enabled) leading to multicast packet loss in same cases.

batctl¶

batctl's tcpdump component was enriched with an TVLV parser to be able to print relevant TVLV container information such as announced gateway speeds, translation table updates, roaming announcements, etc. Previously printed bridge loop avoidance packets of the type 'request' reported a wrong backbone address. That has been fixed.

alfred¶

The alfred core can now change the interface it uses for network communication on the fly. This allows to reassign the interface without losing the currently stored data. Alfred processes running in primary mode are now able to handle multiple interfaces which will be used to exchange the same data. But it is also possible to run multiple processes on different interfaces which then manage their data independent from each other and can be accessed by the alfred clients using individual UNIX sockets.

Happy routing,

The B.A.T.M.A.N. team