| Message ID | 1403610628-19676-1-git-send-email-liuhangbin@gmail.com |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
Hello. On 06/24/2014 03:50 PM, Hangbin Liu wrote: > Based on RFC3810 6.2, we also need to check the hop limit and router alert > option besides source address. > Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> > --- > net/ipv6/mcast.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c > index 08b367c..fdf7455 100644 > --- a/net/ipv6/mcast.c > +++ b/net/ipv6/mcast.c > @@ -1301,8 +1301,18 @@ int igmp6_event_query(struct sk_buff *skb) > len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); > len -= skb_network_header_len(skb); > > - /* Drop queries with not link local source */ > - if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) > + /* RFC3810 6.2 > + * Upon reception of an MLD message that contains a Query, the node > + * checks if the source address of the message is a valid link-local > + * address, if the Hop Limit is set to 1, and if the Router Alert > + * option is present in the Hop-By-Hop Options header of the IPv6 > + * packet. If any of these checks fails, the packet is dropped. > + */ > + if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) || > + ipv6_hdr(skb)->hop_limit != 1 || > + ipv6_hdr(skb)->nexthdr != NEXTHDR_HOP || > + !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || > + IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) The continuation lines should start exactly under '!' on the broken up line. WBR, Sergei -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
2014-06-24 22:27 GMT+08:00 Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>: > Hello. > > > On 06/24/2014 03:50 PM, Hangbin Liu wrote: > >> Based on RFC3810 6.2, we also need to check the hop limit and router alert >> option besides source address. > > >> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> >> --- >> net/ipv6/mcast.c | 14 ++++++++++++-- >> 1 file changed, 12 insertions(+), 2 deletions(-) > > >> diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c >> index 08b367c..fdf7455 100644 >> --- a/net/ipv6/mcast.c >> +++ b/net/ipv6/mcast.c >> @@ -1301,8 +1301,18 @@ int igmp6_event_query(struct sk_buff *skb) >> len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); >> len -= skb_network_header_len(skb); >> >> - /* Drop queries with not link local source */ >> - if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & >> IPV6_ADDR_LINKLOCAL)) >> + /* RFC3810 6.2 >> + * Upon reception of an MLD message that contains a Query, the >> node >> + * checks if the source address of the message is a valid >> link-local >> + * address, if the Hop Limit is set to 1, and if the Router Alert >> + * option is present in the Hop-By-Hop Options header of the IPv6 >> + * packet. If any of these checks fails, the packet is dropped. >> + */ >> + if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) >> || >> + ipv6_hdr(skb)->hop_limit != 1 || >> + ipv6_hdr(skb)->nexthdr != NEXTHDR_HOP || >> + !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || >> + IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) > > > The continuation lines should start exactly under '!' on the broken up > line. Ah, thanks for the reminder. I will send a patch v2 later. Best Regards Hangbin Liu > > WBR, Sergei > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index 08b367c..fdf7455 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c @@ -1301,8 +1301,18 @@ int igmp6_event_query(struct sk_buff *skb) len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); len -= skb_network_header_len(skb); - /* Drop queries with not link local source */ - if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) + /* RFC3810 6.2 + * Upon reception of an MLD message that contains a Query, the node + * checks if the source address of the message is a valid link-local + * address, if the Hop Limit is set to 1, and if the Router Alert + * option is present in the Hop-By-Hop Options header of the IPv6 + * packet. If any of these checks fails, the packet is dropped. + */ + if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) || + ipv6_hdr(skb)->hop_limit != 1 || + ipv6_hdr(skb)->nexthdr != NEXTHDR_HOP || + !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || + IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) return -EINVAL; idev = __in6_dev_get(skb->dev);
Based on RFC3810 6.2, we also need to check the hop limit and router alert option besides source address. Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> --- net/ipv6/mcast.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-)