Message ID | 1394486725-4992-2-git-send-email-linus.luessing@web.de |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On Mon, Mar 10, 2014 at 10:25:25PM +0100, Linus Lüssing wrote: > br_multicast_query_received(br, port, &br->ip6_querier, > - !ipv6_addr_any(&ip6h->saddr), max_delay); > + !ipv6_addr_any(&ip6h->saddr), > + is_general_query, max_delay); Just a small nit, maybe for a later patch: After your change 6565b9eeef194a ("bridge: multicast: add sanity check for query source addresses"), which is still in -net only, we could replace !ipv6_addr_any(&ip6h->saddr) with '1'? Greetings, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Mar 10, 2014 at 11:56:00PM +0100, Hannes Frederic Sowa wrote: > On Mon, Mar 10, 2014 at 10:25:25PM +0100, Linus Lüssing wrote: > > br_multicast_query_received(br, port, &br->ip6_querier, > > - !ipv6_addr_any(&ip6h->saddr), max_delay); > > + !ipv6_addr_any(&ip6h->saddr), > > + is_general_query, max_delay); > > Just a small nit, maybe for a later patch: > > After your change 6565b9eeef194a ("bridge: multicast: add sanity check > for query source addresses"), which is still in -net only, we could > replace !ipv6_addr_any(&ip6h->saddr) with '1'? Aiy, good point, that part is obsolete now and br_multicast_query_received() could be simplified, right. Going to do that once we are out of deep-RC territory again and/or the according commit is available in net-next. Thanks for the hint! Cheers, Linus
From: Linus Lüssing <linus.luessing@web.de> Date: Mon, 10 Mar 2014 22:25:25 +0100 > Without this check someone could easily create a denial of service > by injecting multicast-specific queries to enable the bridge > snooping part if no real querier issuing periodic general queries > is present on the link which would result in the bridge wrongly > shutting down ports for multicast traffic as the bridge did not learn > about these listeners. > > With this patch the snooping code is enabled upon receiving valid, > general queries only. > > Signed-off-by: Linus Lüssing <linus.luessing@web.de> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index e56bae4..93067ec 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -1127,9 +1127,10 @@ static void br_multicast_query_received(struct net_bridge *br, struct net_bridge_port *port, struct bridge_mcast_querier *querier, int saddr, + bool is_general_query, unsigned long max_delay) { - if (saddr) + if (saddr && is_general_query) br_multicast_update_querier_timer(br, querier, max_delay); else if (timer_pending(&querier->timer)) return; @@ -1190,7 +1191,7 @@ static int br_ip4_multicast_query(struct net_bridge *br, } br_multicast_query_received(br, port, &br->ip4_querier, !!iph->saddr, - max_delay); + !group, max_delay); if (!group) goto out; @@ -1282,7 +1283,8 @@ static int br_ip6_multicast_query(struct net_bridge *br, } br_multicast_query_received(br, port, &br->ip6_querier, - !ipv6_addr_any(&ip6h->saddr), max_delay); + !ipv6_addr_any(&ip6h->saddr), + is_general_query, max_delay); if (!group) goto out;
Without this check someone could easily create a denial of service by injecting multicast-specific queries to enable the bridge snooping part if no real querier issuing periodic general queries is present on the link which would result in the bridge wrongly shutting down ports for multicast traffic as the bridge did not learn about these listeners. With this patch the snooping code is enabled upon receiving valid, general queries only. Signed-off-by: Linus Lüssing <linus.luessing@web.de> --- v2: unchanged net/bridge/br_multicast.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)