diff options
| author | Linus Lüssing <linus.luessing@web.de> | 2014-03-10 17:25:25 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-03-11 23:22:10 -0400 |
| commit | 20a599bec95a52fa72432b2376a2ce47c5bb68fb (patch) | |
| tree | 37e01659d8e8974706ecc4042fff98bba274a59a /net | |
| parent | 9ed973cc40c588abeaa58aea0683ea665132d11d (diff) | |
bridge: multicast: enable snooping on general queries only
Without this check someone could easily create a denial of service
by injecting multicast-specific queries to enable the bridge
snooping part if no real querier issuing periodic general queries
is present on the link which would result in the bridge wrongly
shutting down ports for multicast traffic as the bridge did not learn
about these listeners.
With this patch the snooping code is enabled upon receiving valid,
general queries only.
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/br_multicast.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index e56bae4f59ce..93067ecdb9a2 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c | |||
| @@ -1127,9 +1127,10 @@ static void br_multicast_query_received(struct net_bridge *br, | |||
| 1127 | struct net_bridge_port *port, | 1127 | struct net_bridge_port *port, |
| 1128 | struct bridge_mcast_querier *querier, | 1128 | struct bridge_mcast_querier *querier, |
| 1129 | int saddr, | 1129 | int saddr, |
| 1130 | bool is_general_query, | ||
| 1130 | unsigned long max_delay) | 1131 | unsigned long max_delay) |
| 1131 | { | 1132 | { |
| 1132 | if (saddr) | 1133 | if (saddr && is_general_query) |
| 1133 | br_multicast_update_querier_timer(br, querier, max_delay); | 1134 | br_multicast_update_querier_timer(br, querier, max_delay); |
| 1134 | else if (timer_pending(&querier->timer)) | 1135 | else if (timer_pending(&querier->timer)) |
| 1135 | return; | 1136 | return; |
| @@ -1190,7 +1191,7 @@ static int br_ip4_multicast_query(struct net_bridge *br, | |||
| 1190 | } | 1191 | } |
| 1191 | 1192 | ||
| 1192 | br_multicast_query_received(br, port, &br->ip4_querier, !!iph->saddr, | 1193 | br_multicast_query_received(br, port, &br->ip4_querier, !!iph->saddr, |
| 1193 | max_delay); | 1194 | !group, max_delay); |
| 1194 | 1195 | ||
| 1195 | if (!group) | 1196 | if (!group) |
| 1196 | goto out; | 1197 | goto out; |
| @@ -1282,7 +1283,8 @@ static int br_ip6_multicast_query(struct net_bridge *br, | |||
| 1282 | } | 1283 | } |
| 1283 | 1284 | ||
| 1284 | br_multicast_query_received(br, port, &br->ip6_querier, | 1285 | br_multicast_query_received(br, port, &br->ip6_querier, |
| 1285 | !ipv6_addr_any(&ip6h->saddr), max_delay); | 1286 | !ipv6_addr_any(&ip6h->saddr), |
| 1287 | is_general_query, max_delay); | ||
| 1286 | 1288 | ||
| 1287 | if (!group) | 1289 | if (!group) |
| 1288 | goto out; | 1290 | goto out; |