1 commit f0b4eeced518c632210ef2aea44fc92cc9e86cce
2 Author: Linus Lüssing <linus.luessing@web.de>
3 Date: Mon Nov 17 12:20:28 2014 +0100
5 bridge: fix netfilter/NF_BR_LOCAL_OUT for own, locally generated queries
7 Ebtables on the OUTPUT chain (NF_BR_LOCAL_OUT) would not work as expected
8 for both locally generated IGMP and MLD queries. The IP header specific
9 filter options are off by 14 Bytes for netfilter (actual output on
12 NF_HOOK() expects the skb->data to point to the IP header, not the
13 ethernet one (while dev_queue_xmit() does not). Luckily there is an
14 br_dev_queue_push_xmit() helper function already - let's just use that.
16 Introduced by eb1d16414339a6e113d89e2cca2556005d7ce919
17 ("bridge: Add core IGMP snooping support")
21 $ ebtables -I OUTPUT -p IPv6 -o eth1 --logical-out br0 \
22 --log --log-level 6 --log-ip6 --log-prefix="~EBT: " -j DROP
26 ~EBT: IN= OUT=eth1 MAC source = 02:04:64:a4:39:c2 \
27 MAC dest = 33:33:00:00:00:01 proto = 0x86dd IPv6 \
28 SRC=64a4:39c2:86dd:6000:0000:0020:0001:fe80 IPv6 \
29 DST=0000:0000:0000:0004:64ff:fea4:39c2:ff02, \
30 IPv6 priority=0x3, Next Header=2
34 ~EBT: IN= OUT=eth1 MAC source = 02:04:64:a4:39:c2 \
35 MAC dest = 33:33:00:00:00:01 proto = 0x86dd IPv6 \
36 SRC=fe80:0000:0000:0000:0004:64ff:fea4:39c2 IPv6 \
37 DST=ff02:0000:0000:0000:0000:0000:0000:0001, \
38 IPv6 priority=0x0, Next Header=0
40 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
41 Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
42 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
44 commit 20a599bec95a52fa72432b2376a2ce47c5bb68fb
45 Author: Linus Lüssing <linus.luessing@web.de>
46 Date: Mon Mar 10 22:25:25 2014 +0100
48 bridge: multicast: enable snooping on general queries only
50 Without this check someone could easily create a denial of service
51 by injecting multicast-specific queries to enable the bridge
52 snooping part if no real querier issuing periodic general queries
53 is present on the link which would result in the bridge wrongly
54 shutting down ports for multicast traffic as the bridge did not learn
55 about these listeners.
57 With this patch the snooping code is enabled upon receiving valid,
60 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
61 Signed-off-by: David S. Miller <davem@davemloft.net>
63 commit 9ed973cc40c588abeaa58aea0683ea665132d11d
64 Author: Linus Lüssing <linus.luessing@web.de>
65 Date: Mon Mar 10 22:25:24 2014 +0100
67 bridge: multicast: add sanity check for general query destination
69 General IGMP and MLD queries are supposed to have the multicast
70 link-local all-nodes address as their destination according to RFC2236
71 section 9, RFC3376 section 4.1.12/9.1, RFC2710 section 8 and RFC3810
74 Without this check, such malformed IGMP/MLD queries can result in a
75 denial of service: The queries are ignored by most IGMP/MLD listeners
76 therefore they will not respond with an IGMP/MLD report. However,
77 without this patch these malformed MLD queries would enable the
78 snooping part in the bridge code, potentially shutting down the
79 according ports towards these hosts for multicast traffic as the
80 bridge did not learn about these listeners.
82 Reported-by: Jan Stancek <jstancek@redhat.com>
83 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
84 Signed-off-by: David S. Miller <davem@davemloft.net>
86 commit 3c3769e63301fd92fcaf51870c371583dd0282ce
87 Author: Linus Lüssing <linus.luessing@web.de>
88 Date: Wed Sep 4 02:13:39 2013 +0200
90 bridge: apply multicast snooping to IPv6 link-local, too
92 The multicast snooping code should have matured enough to be safely
93 applicable to IPv6 link-local multicast addresses (excluding the
94 link-local all nodes address, ff02::1), too.
96 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
97 Signed-off-by: David S. Miller <davem@davemloft.net>
99 commit 8fad9c39f31f9ed7bf3526c43a4537b2fcf1a5d5
100 Author: Linus Lüssing <linus.luessing@web.de>
101 Date: Wed Sep 4 02:13:38 2013 +0200
103 bridge: prevent flooding IPv6 packets that do not have a listener
105 Currently if there is no listener for a certain group then IPv6 packets
106 for that group are flooded on all ports, even though there might be no
107 host and router interested in it on a port.
109 With this commit they are only forwarded to ports with a multicast
112 Just like commit bd4265fe36 ("bridge: Only flood unregistered groups
113 to routers") did for IPv4, let's do the same for IPv6 with the same
116 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
117 Signed-off-by: David S. Miller <davem@davemloft.net>
119 commit cc0fdd802859eaeb00e1c87dbb655594bed2844c
120 Author: Linus Lüssing <linus.luessing@web.de>
121 Date: Fri Aug 30 17:28:17 2013 +0200
123 bridge: separate querier and query timer into IGMP/IPv4 and MLD/IPv6 ones
125 Currently we would still potentially suffer multicast packet loss if there
126 is just either an IGMP or an MLD querier: For the former case, we would
127 possibly drop IPv6 multicast packets, for the latter IPv4 ones. This is
128 because we are currently assuming that if either an IGMP or MLD querier
129 is present that the other one is present, too.
131 This patch makes the behaviour and fix added in
132 "bridge: disable snooping if there is no querier" (b00589af3b04)
133 to also work if there is either just an IGMP or an MLD querier on the
134 link: It refines the deactivation of the snooping to be protocol
135 specific by using separate timers for the snooped IGMP and MLD queries
136 as well as separate timers for our internal IGMP and MLD queriers.
138 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
139 Signed-off-by: David S. Miller <davem@davemloft.net>
141 commit b00589af3b04736376f24625ab0b394642e89e29
142 Author: Linus Lüssing <linus.luessing@web.de>
143 Date: Thu Aug 1 01:06:20 2013 +0200
145 bridge: disable snooping if there is no querier
147 If there is no querier on a link then we won't get periodic reports and
148 therefore won't be able to learn about multicast listeners behind ports,
149 potentially leading to lost multicast packets, especially for multicast
150 listeners that joined before the creation of the bridge.
152 These lost multicast packets can appear since c5c23260594
153 ("bridge: Add multicast_querier toggle and disable queries by default")
156 With this patch we are flooding multicast packets if our querier is
157 disabled and if we didn't detect any other querier.
159 A grace period of the Maximum Response Delay of the querier is added to
160 give multicast responses enough time to arrive and to be learned from
161 before disabling the flooding behaviour again.
163 Signed-off-by: Linus Lüssing <linus.luessing@web.de>
164 Signed-off-by: David S. Miller <davem@davemloft.net>
166 commit 6b7df111ece130fa979a0c4f58e53674c1e47d3e
167 Author: Cong Wang <amwang@redhat.com>
168 Date: Tue May 21 21:52:56 2013 +0000
170 bridge: send query as soon as leave is received
172 Continue sending queries when leave is received if the user marks
175 Cc: Herbert Xu <herbert@gondor.apana.org.au>
176 Cc: Stephen Hemminger <stephen@networkplumber.org>
177 Cc: "David S. Miller" <davem@davemloft.net>
178 Cc: Adam Baker <linux@baker-net.org.uk>
179 Signed-off-by: Cong Wang <amwang@redhat.com>
180 Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
181 Signed-off-by: David S. Miller <davem@davemloft.net>
183 commit 1c8ad5bfa2be5025b0c81e3c2decd0574d453ab1
184 Author: Cong Wang <amwang@redhat.com>
185 Date: Tue May 21 21:52:54 2013 +0000
187 bridge: use the bridge IP addr as source addr for querier
190 "If it is believed that the use of 0.0.0.0
191 as the IP address is what is causing strange behaviour on other devices
192 then is there a good reason that a bridge rather than a router shouldn't
193 be the active querier? If not then using the bridge IP address and
194 having the querier enabled by default may be a reasonable solution
195 (provided that our querier obeys the election rules and shuts up if it
196 sees a query from a lower IP address that isn't 0.0.0.0). Just because a
197 device is the elected querier for IGMP doesn't appear to mean it is
198 required to perform any other routing functions."
200 And introduce a new troggle for it, as suggested by Herbert.
202 Suggested-by: Adam Baker <linux@baker-net.org.uk>
203 Cc: Herbert Xu <herbert@gondor.apana.org.au>
204 Cc: Stephen Hemminger <stephen@networkplumber.org>
205 Cc: "David S. Miller" <davem@davemloft.net>
206 Cc: Adam Baker <linux@baker-net.org.uk>
207 Signed-off-by: Cong Wang <amwang@redhat.com>
208 Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
209 Signed-off-by: David S. Miller <davem@davemloft.net>
211 --- a/net/bridge/br_device.c
212 +++ b/net/bridge/br_device.c
213 @@ -67,7 +67,8 @@ netdev_tx_t br_dev_xmit(struct sk_buff *
216 mdst = br_mdb_get(br, skb, vid);
217 - if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb))
218 + if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
219 + br_multicast_querier_exists(br, eth_hdr(skb)))
220 br_multicast_deliver(mdst, skb);
222 br_flood_deliver(br, skb);
223 --- a/net/bridge/br_input.c
224 +++ b/net/bridge/br_input.c
225 @@ -98,7 +98,8 @@ int br_handle_frame_finish(struct sk_buf
227 else if (is_multicast_ether_addr(dest)) {
228 mdst = br_mdb_get(br, skb, vid);
229 - if (mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) {
230 + if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
231 + br_multicast_querier_exists(br, eth_hdr(skb))) {
232 if ((mdst && mdst->mglist) ||
233 br_multicast_is_router(br))
235 --- a/net/bridge/br_multicast.c
236 +++ b/net/bridge/br_multicast.c
238 #include <linux/skbuff.h>
239 #include <linux/slab.h>
240 #include <linux/timer.h>
241 +#include <linux/inetdevice.h>
243 #if IS_ENABLED(CONFIG_IPV6)
244 #include <net/ipv6.h>
246 #include <net/ip6_checksum.h>
247 +#include <net/addrconf.h>
250 #include "br_private.h"
252 -static void br_multicast_start_querier(struct net_bridge *br);
253 +static void br_multicast_start_querier(struct net_bridge *br,
254 + struct bridge_mcast_query *query);
255 unsigned int br_mdb_rehash_seq;
257 static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b)
258 @@ -381,7 +384,8 @@ static struct sk_buff *br_ip4_multicast_
259 iph->frag_off = htons(IP_DF);
261 iph->protocol = IPPROTO_IGMP;
263 + iph->saddr = br->multicast_query_use_ifaddr ?
264 + inet_select_addr(br->dev, 0, RT_SCOPE_LINK) : 0;
265 iph->daddr = htonl(INADDR_ALLHOSTS_GROUP);
266 ((u8 *)&iph[1])[0] = IPOPT_RA;
267 ((u8 *)&iph[1])[1] = 4;
268 @@ -724,7 +728,7 @@ static int br_ip6_multicast_add_group(st
270 struct br_ip br_group;
272 - if (!ipv6_is_transient_multicast(group))
273 + if (ipv6_addr_is_ll_all_nodes(group))
276 br_group.u.ip6 = *group;
277 @@ -756,20 +760,35 @@ static void br_multicast_local_router_ex
281 -static void br_multicast_querier_expired(unsigned long data)
282 +static void br_multicast_querier_expired(struct net_bridge *br,
283 + struct bridge_mcast_query *query)
285 - struct net_bridge *br = (void *)data;
287 spin_lock(&br->multicast_lock);
288 if (!netif_running(br->dev) || br->multicast_disabled)
291 - br_multicast_start_querier(br);
292 + br_multicast_start_querier(br, query);
295 spin_unlock(&br->multicast_lock);
298 +static void br_ip4_multicast_querier_expired(unsigned long data)
300 + struct net_bridge *br = (void *)data;
302 + br_multicast_querier_expired(br, &br->ip4_query);
305 +#if IS_ENABLED(CONFIG_IPV6)
306 +static void br_ip6_multicast_querier_expired(unsigned long data)
308 + struct net_bridge *br = (void *)data;
310 + br_multicast_querier_expired(br, &br->ip6_query);
314 static void __br_multicast_send_query(struct net_bridge *br,
315 struct net_bridge_port *port,
317 @@ -781,46 +800,53 @@ static void __br_multicast_send_query(st
321 - __skb_push(skb, sizeof(struct ethhdr));
322 skb->dev = port->dev;
323 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
325 + br_dev_queue_push_xmit);
330 static void br_multicast_send_query(struct net_bridge *br,
331 - struct net_bridge_port *port, u32 sent)
332 + struct net_bridge_port *port,
333 + struct bridge_mcast_query *query)
336 struct br_ip br_group;
337 + struct bridge_mcast_querier *querier = NULL;
339 if (!netif_running(br->dev) || br->multicast_disabled ||
340 - !br->multicast_querier ||
341 - timer_pending(&br->multicast_querier_timer))
342 + !br->multicast_querier)
345 memset(&br_group.u, 0, sizeof(br_group.u));
347 - br_group.proto = htons(ETH_P_IP);
348 - __br_multicast_send_query(br, port, &br_group);
350 + if (port ? (query == &port->ip4_query) :
351 + (query == &br->ip4_query)) {
352 + querier = &br->ip4_querier;
353 + br_group.proto = htons(ETH_P_IP);
354 #if IS_ENABLED(CONFIG_IPV6)
355 - br_group.proto = htons(ETH_P_IPV6);
356 - __br_multicast_send_query(br, port, &br_group);
358 + querier = &br->ip6_querier;
359 + br_group.proto = htons(ETH_P_IPV6);
363 + if (!querier || timer_pending(&querier->timer))
366 + __br_multicast_send_query(br, port, &br_group);
369 - time += sent < br->multicast_startup_query_count ?
370 + time += query->startup_sent < br->multicast_startup_query_count ?
371 br->multicast_startup_query_interval :
372 br->multicast_query_interval;
373 - mod_timer(port ? &port->multicast_query_timer :
374 - &br->multicast_query_timer, time);
375 + mod_timer(&query->timer, time);
378 -static void br_multicast_port_query_expired(unsigned long data)
379 +static void br_multicast_port_query_expired(struct net_bridge_port *port,
380 + struct bridge_mcast_query *query)
382 - struct net_bridge_port *port = (void *)data;
383 struct net_bridge *br = port->br;
385 spin_lock(&br->multicast_lock);
386 @@ -828,25 +854,43 @@ static void br_multicast_port_query_expi
387 port->state == BR_STATE_BLOCKING)
390 - if (port->multicast_startup_queries_sent <
391 - br->multicast_startup_query_count)
392 - port->multicast_startup_queries_sent++;
393 + if (query->startup_sent < br->multicast_startup_query_count)
394 + query->startup_sent++;
396 - br_multicast_send_query(port->br, port,
397 - port->multicast_startup_queries_sent);
398 + br_multicast_send_query(port->br, port, query);
401 spin_unlock(&br->multicast_lock);
404 +static void br_ip4_multicast_port_query_expired(unsigned long data)
406 + struct net_bridge_port *port = (void *)data;
408 + br_multicast_port_query_expired(port, &port->ip4_query);
411 +#if IS_ENABLED(CONFIG_IPV6)
412 +static void br_ip6_multicast_port_query_expired(unsigned long data)
414 + struct net_bridge_port *port = (void *)data;
416 + br_multicast_port_query_expired(port, &port->ip6_query);
420 void br_multicast_add_port(struct net_bridge_port *port)
422 port->multicast_router = 1;
424 setup_timer(&port->multicast_router_timer, br_multicast_router_expired,
425 (unsigned long)port);
426 - setup_timer(&port->multicast_query_timer,
427 - br_multicast_port_query_expired, (unsigned long)port);
428 + setup_timer(&port->ip4_query.timer, br_ip4_multicast_port_query_expired,
429 + (unsigned long)port);
430 +#if IS_ENABLED(CONFIG_IPV6)
431 + setup_timer(&port->ip6_query.timer, br_ip6_multicast_port_query_expired,
432 + (unsigned long)port);
436 void br_multicast_del_port(struct net_bridge_port *port)
437 @@ -854,13 +898,13 @@ void br_multicast_del_port(struct net_br
438 del_timer_sync(&port->multicast_router_timer);
441 -static void __br_multicast_enable_port(struct net_bridge_port *port)
442 +static void br_multicast_enable(struct bridge_mcast_query *query)
444 - port->multicast_startup_queries_sent = 0;
445 + query->startup_sent = 0;
447 - if (try_to_del_timer_sync(&port->multicast_query_timer) >= 0 ||
448 - del_timer(&port->multicast_query_timer))
449 - mod_timer(&port->multicast_query_timer, jiffies);
450 + if (try_to_del_timer_sync(&query->timer) >= 0 ||
451 + del_timer(&query->timer))
452 + mod_timer(&query->timer, jiffies);
455 void br_multicast_enable_port(struct net_bridge_port *port)
456 @@ -871,7 +915,10 @@ void br_multicast_enable_port(struct net
457 if (br->multicast_disabled || !netif_running(br->dev))
460 - __br_multicast_enable_port(port);
461 + br_multicast_enable(&port->ip4_query);
462 +#if IS_ENABLED(CONFIG_IPV6)
463 + br_multicast_enable(&port->ip6_query);
467 spin_unlock(&br->multicast_lock);
468 @@ -890,7 +937,10 @@ void br_multicast_disable_port(struct ne
469 if (!hlist_unhashed(&port->rlist))
470 hlist_del_init_rcu(&port->rlist);
471 del_timer(&port->multicast_router_timer);
472 - del_timer(&port->multicast_query_timer);
473 + del_timer(&port->ip4_query.timer);
474 +#if IS_ENABLED(CONFIG_IPV6)
475 + del_timer(&port->ip6_query.timer);
477 spin_unlock(&br->multicast_lock);
480 @@ -1015,6 +1065,17 @@ static int br_ip6_multicast_mld2_report(
485 +br_multicast_update_querier_timer(struct net_bridge *br,
486 + struct bridge_mcast_querier *querier,
487 + unsigned long max_delay)
489 + if (!timer_pending(&querier->timer))
490 + querier->delay_time = jiffies + max_delay;
492 + mod_timer(&querier->timer, jiffies + br->multicast_querier_interval);
496 * Add port to rotuer_list
497 * list is maintained ordered by pointer value
498 @@ -1065,12 +1126,14 @@ timer:
500 static void br_multicast_query_received(struct net_bridge *br,
501 struct net_bridge_port *port,
505 - mod_timer(&br->multicast_querier_timer,
506 - jiffies + br->multicast_querier_interval);
507 - else if (timer_pending(&br->multicast_querier_timer))
508 + struct bridge_mcast_querier *querier,
510 + bool is_general_query,
511 + unsigned long max_delay)
513 + if (saddr && is_general_query)
514 + br_multicast_update_querier_timer(br, querier, max_delay);
515 + else if (timer_pending(&querier->timer))
518 br_multicast_mark_router(br, port);
519 @@ -1097,8 +1160,6 @@ static int br_ip4_multicast_query(struct
520 (port && port->state == BR_STATE_DISABLED))
523 - br_multicast_query_received(br, port, !!iph->saddr);
527 if (skb->len == sizeof(*ih)) {
528 @@ -1122,6 +1183,17 @@ static int br_ip4_multicast_query(struct
529 IGMPV3_MRC(ih3->code) * (HZ / IGMP_TIMER_SCALE) : 1;
532 + /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer
533 + * all-systems destination addresses (224.0.0.1) for general queries
535 + if (!group && iph->daddr != htonl(INADDR_ALLHOSTS_GROUP)) {
540 + br_multicast_query_received(br, port, &br->ip4_querier, !!iph->saddr,
541 + !group, max_delay);
546 @@ -1166,6 +1238,7 @@ static int br_ip6_multicast_query(struct
547 unsigned long max_delay;
548 unsigned long now = jiffies;
549 const struct in6_addr *group = NULL;
550 + bool is_general_query;
554 @@ -1174,8 +1247,6 @@ static int br_ip6_multicast_query(struct
555 (port && port->state == BR_STATE_DISABLED))
558 - br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr));
560 /* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
561 if (!(ipv6_addr_type(&ip6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
563 @@ -1203,6 +1274,20 @@ static int br_ip6_multicast_query(struct
564 max_delay = max(msecs_to_jiffies(MLDV2_MRC(ntohs(mld2q->mld2q_mrc))), 1UL);
567 + is_general_query = group && ipv6_addr_any(group);
569 + /* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer
570 + * all-nodes destination address (ff02::1) for general queries
572 + if (is_general_query && !ipv6_addr_is_ll_all_nodes(&ip6h->daddr)) {
577 + br_multicast_query_received(br, port, &br->ip6_querier,
578 + !ipv6_addr_any(&ip6h->saddr),
579 + is_general_query, max_delay);
584 @@ -1235,7 +1320,9 @@ out:
586 static void br_multicast_leave_group(struct net_bridge *br,
587 struct net_bridge_port *port,
588 - struct br_ip *group)
589 + struct br_ip *group,
590 + struct bridge_mcast_querier *querier,
591 + struct bridge_mcast_query *query)
593 struct net_bridge_mdb_htable *mdb;
594 struct net_bridge_mdb_entry *mp;
595 @@ -1246,7 +1333,7 @@ static void br_multicast_leave_group(str
596 spin_lock(&br->multicast_lock);
597 if (!netif_running(br->dev) ||
598 (port && port->state == BR_STATE_DISABLED) ||
599 - timer_pending(&br->multicast_querier_timer))
600 + timer_pending(&querier->timer))
603 mdb = mlock_dereference(br->mdb, br);
604 @@ -1254,6 +1341,31 @@ static void br_multicast_leave_group(str
608 + if (br->multicast_querier) {
609 + __br_multicast_send_query(br, port, &mp->addr);
611 + time = jiffies + br->multicast_last_member_count *
612 + br->multicast_last_member_interval;
614 + mod_timer(&query->timer, time);
616 + for (p = mlock_dereference(mp->ports, br);
618 + p = mlock_dereference(p->next, br)) {
619 + if (p->port != port)
622 + if (!hlist_unhashed(&p->mglist) &&
623 + (timer_pending(&p->timer) ?
624 + time_after(p->timer.expires, time) :
625 + try_to_del_timer_sync(&p->timer) >= 0)) {
626 + mod_timer(&p->timer, time);
633 if (port && (port->flags & BR_MULTICAST_FAST_LEAVE)) {
634 struct net_bridge_port_group __rcu **pp;
636 @@ -1306,7 +1418,6 @@ static void br_multicast_leave_group(str
642 spin_unlock(&br->multicast_lock);
644 @@ -1317,6 +1428,8 @@ static void br_ip4_multicast_leave_group
647 struct br_ip br_group;
648 + struct bridge_mcast_query *query = port ? &port->ip4_query :
651 if (ipv4_is_local_multicast(group))
653 @@ -1325,7 +1438,7 @@ static void br_ip4_multicast_leave_group
654 br_group.proto = htons(ETH_P_IP);
657 - br_multicast_leave_group(br, port, &br_group);
658 + br_multicast_leave_group(br, port, &br_group, &br->ip4_querier, query);
661 #if IS_ENABLED(CONFIG_IPV6)
662 @@ -1335,15 +1448,18 @@ static void br_ip6_multicast_leave_group
665 struct br_ip br_group;
666 + struct bridge_mcast_query *query = port ? &port->ip6_query :
669 - if (!ipv6_is_transient_multicast(group))
671 + if (ipv6_addr_is_ll_all_nodes(group))
674 br_group.u.ip6 = *group;
675 br_group.proto = htons(ETH_P_IPV6);
678 - br_multicast_leave_group(br, port, &br_group);
679 + br_multicast_leave_group(br, port, &br_group, &br->ip6_querier, query);
683 @@ -1473,8 +1589,14 @@ static int br_multicast_ipv6_rcv(struct
684 * - MLD has always Router Alert hop-by-hop option
685 * - But we do not support jumbrograms.
687 - if (ip6h->version != 6 ||
688 - ip6h->nexthdr != IPPROTO_HOPOPTS ||
689 + if (ip6h->version != 6)
692 + /* Prevent flooding this packet if there is no listener present */
693 + if (!ipv6_addr_is_ll_all_nodes(&ip6h->daddr))
694 + BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
696 + if (ip6h->nexthdr != IPPROTO_HOPOPTS ||
697 ip6h->payload_len == 0)
700 @@ -1605,19 +1727,32 @@ int br_multicast_rcv(struct net_bridge *
704 -static void br_multicast_query_expired(unsigned long data)
705 +static void br_multicast_query_expired(struct net_bridge *br,
706 + struct bridge_mcast_query *query)
708 + spin_lock(&br->multicast_lock);
709 + if (query->startup_sent < br->multicast_startup_query_count)
710 + query->startup_sent++;
712 + br_multicast_send_query(br, NULL, query);
713 + spin_unlock(&br->multicast_lock);
716 +static void br_ip4_multicast_query_expired(unsigned long data)
718 struct net_bridge *br = (void *)data;
720 - spin_lock(&br->multicast_lock);
721 - if (br->multicast_startup_queries_sent <
722 - br->multicast_startup_query_count)
723 - br->multicast_startup_queries_sent++;
724 + br_multicast_query_expired(br, &br->ip4_query);
727 - br_multicast_send_query(br, NULL, br->multicast_startup_queries_sent);
728 +#if IS_ENABLED(CONFIG_IPV6)
729 +static void br_ip6_multicast_query_expired(unsigned long data)
731 + struct net_bridge *br = (void *)data;
733 - spin_unlock(&br->multicast_lock);
734 + br_multicast_query_expired(br, &br->ip6_query);
738 void br_multicast_init(struct net_bridge *br)
740 @@ -1626,6 +1761,7 @@ void br_multicast_init(struct net_bridge
742 br->multicast_router = 1;
743 br->multicast_querier = 0;
744 + br->multicast_query_use_ifaddr = 0;
745 br->multicast_last_member_count = 2;
746 br->multicast_startup_query_count = 2;
748 @@ -1636,23 +1772,43 @@ void br_multicast_init(struct net_bridge
749 br->multicast_querier_interval = 255 * HZ;
750 br->multicast_membership_interval = 260 * HZ;
752 + br->ip4_querier.delay_time = 0;
753 +#if IS_ENABLED(CONFIG_IPV6)
754 + br->ip6_querier.delay_time = 0;
757 spin_lock_init(&br->multicast_lock);
758 setup_timer(&br->multicast_router_timer,
759 br_multicast_local_router_expired, 0);
760 - setup_timer(&br->multicast_querier_timer,
761 - br_multicast_querier_expired, (unsigned long)br);
762 - setup_timer(&br->multicast_query_timer, br_multicast_query_expired,
763 + setup_timer(&br->ip4_querier.timer, br_ip4_multicast_querier_expired,
765 + setup_timer(&br->ip4_query.timer, br_ip4_multicast_query_expired,
766 + (unsigned long)br);
767 +#if IS_ENABLED(CONFIG_IPV6)
768 + setup_timer(&br->ip6_querier.timer, br_ip6_multicast_querier_expired,
769 + (unsigned long)br);
770 + setup_timer(&br->ip6_query.timer, br_ip6_multicast_query_expired,
771 + (unsigned long)br);
775 -void br_multicast_open(struct net_bridge *br)
776 +static void __br_multicast_open(struct net_bridge *br,
777 + struct bridge_mcast_query *query)
779 - br->multicast_startup_queries_sent = 0;
780 + query->startup_sent = 0;
782 if (br->multicast_disabled)
785 - mod_timer(&br->multicast_query_timer, jiffies);
786 + mod_timer(&query->timer, jiffies);
789 +void br_multicast_open(struct net_bridge *br)
791 + __br_multicast_open(br, &br->ip4_query);
792 +#if IS_ENABLED(CONFIG_IPV6)
793 + __br_multicast_open(br, &br->ip6_query);
797 void br_multicast_stop(struct net_bridge *br)
798 @@ -1664,8 +1820,12 @@ void br_multicast_stop(struct net_bridge
801 del_timer_sync(&br->multicast_router_timer);
802 - del_timer_sync(&br->multicast_querier_timer);
803 - del_timer_sync(&br->multicast_query_timer);
804 + del_timer_sync(&br->ip4_querier.timer);
805 + del_timer_sync(&br->ip4_query.timer);
806 +#if IS_ENABLED(CONFIG_IPV6)
807 + del_timer_sync(&br->ip6_querier.timer);
808 + del_timer_sync(&br->ip6_query.timer);
811 spin_lock_bh(&br->multicast_lock);
812 mdb = mlock_dereference(br->mdb, br);
813 @@ -1767,18 +1927,24 @@ unlock:
817 -static void br_multicast_start_querier(struct net_bridge *br)
818 +static void br_multicast_start_querier(struct net_bridge *br,
819 + struct bridge_mcast_query *query)
821 struct net_bridge_port *port;
823 - br_multicast_open(br);
824 + __br_multicast_open(br, query);
826 list_for_each_entry(port, &br->port_list, list) {
827 if (port->state == BR_STATE_DISABLED ||
828 port->state == BR_STATE_BLOCKING)
831 - __br_multicast_enable_port(port);
832 + if (query == &br->ip4_query)
833 + br_multicast_enable(&port->ip4_query);
834 +#if IS_ENABLED(CONFIG_IPV6)
836 + br_multicast_enable(&port->ip6_query);
841 @@ -1813,7 +1979,10 @@ rollback:
845 - br_multicast_start_querier(br);
846 + br_multicast_start_querier(br, &br->ip4_query);
847 +#if IS_ENABLED(CONFIG_IPV6)
848 + br_multicast_start_querier(br, &br->ip6_query);
852 spin_unlock_bh(&br->multicast_lock);
853 @@ -1823,6 +1992,8 @@ unlock:
855 int br_multicast_set_querier(struct net_bridge *br, unsigned long val)
857 + unsigned long max_delay;
861 spin_lock_bh(&br->multicast_lock);
862 @@ -1830,8 +2001,22 @@ int br_multicast_set_querier(struct net_
865 br->multicast_querier = val;
867 - br_multicast_start_querier(br);
871 + max_delay = br->multicast_query_response_interval;
873 + if (!timer_pending(&br->ip4_querier.timer))
874 + br->ip4_querier.delay_time = jiffies + max_delay;
876 + br_multicast_start_querier(br, &br->ip4_query);
878 +#if IS_ENABLED(CONFIG_IPV6)
879 + if (!timer_pending(&br->ip6_querier.timer))
880 + br->ip6_querier.delay_time = jiffies + max_delay;
882 + br_multicast_start_querier(br, &br->ip6_query);
886 spin_unlock_bh(&br->multicast_lock);
887 --- a/net/bridge/br_private.h
888 +++ b/net/bridge/br_private.h
889 @@ -66,6 +66,20 @@ struct br_ip
893 +#ifdef CONFIG_BRIDGE_IGMP_SNOOPING
894 +/* our own querier */
895 +struct bridge_mcast_query {
896 + struct timer_list timer;
901 +struct bridge_mcast_querier {
902 + struct timer_list timer;
903 + unsigned long delay_time;
907 struct net_port_vlans {
910 @@ -159,10 +173,12 @@ struct net_bridge_port
911 #define BR_ADMIN_COST 0x00000010
913 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
914 - u32 multicast_startup_queries_sent;
915 + struct bridge_mcast_query ip4_query;
916 +#if IS_ENABLED(CONFIG_IPV6)
917 + struct bridge_mcast_query ip6_query;
918 +#endif /* IS_ENABLED(CONFIG_IPV6) */
919 unsigned char multicast_router;
920 struct timer_list multicast_router_timer;
921 - struct timer_list multicast_query_timer;
922 struct hlist_head mglist;
923 struct hlist_node rlist;
925 @@ -246,12 +262,12 @@ struct net_bridge
927 u8 multicast_disabled:1;
928 u8 multicast_querier:1;
929 + u8 multicast_query_use_ifaddr:1;
934 u32 multicast_last_member_count;
935 - u32 multicast_startup_queries_sent;
936 u32 multicast_startup_query_count;
938 unsigned long multicast_last_member_interval;
939 @@ -266,8 +282,12 @@ struct net_bridge
940 struct hlist_head router_list;
942 struct timer_list multicast_router_timer;
943 - struct timer_list multicast_querier_timer;
944 - struct timer_list multicast_query_timer;
945 + struct bridge_mcast_querier ip4_querier;
946 + struct bridge_mcast_query ip4_query;
947 +#if IS_ENABLED(CONFIG_IPV6)
948 + struct bridge_mcast_querier ip6_querier;
949 + struct bridge_mcast_query ip6_query;
950 +#endif /* IS_ENABLED(CONFIG_IPV6) */
953 struct timer_list hello_timer;
954 @@ -477,22 +497,35 @@ extern void br_mdb_notify(struct net_dev
955 #define mlock_dereference(X, br) \
956 rcu_dereference_protected(X, lockdep_is_held(&br->multicast_lock))
958 -#if IS_ENABLED(CONFIG_IPV6)
959 -#include <net/addrconf.h>
960 -static inline int ipv6_is_transient_multicast(const struct in6_addr *addr)
962 - if (ipv6_addr_is_multicast(addr) && IPV6_ADDR_MC_FLAG_TRANSIENT(addr))
968 static inline bool br_multicast_is_router(struct net_bridge *br)
970 return br->multicast_router == 2 ||
971 (br->multicast_router == 1 &&
972 timer_pending(&br->multicast_router_timer));
976 +__br_multicast_querier_exists(struct net_bridge *br,
977 + struct bridge_mcast_querier *querier)
979 + return time_is_before_jiffies(querier->delay_time) &&
980 + (br->multicast_querier || timer_pending(&querier->timer));
983 +static inline bool br_multicast_querier_exists(struct net_bridge *br,
984 + struct ethhdr *eth)
986 + switch (eth->h_proto) {
987 + case (htons(ETH_P_IP)):
988 + return __br_multicast_querier_exists(br, &br->ip4_querier);
989 +#if IS_ENABLED(CONFIG_IPV6)
990 + case (htons(ETH_P_IPV6)):
991 + return __br_multicast_querier_exists(br, &br->ip6_querier);
998 static inline int br_multicast_rcv(struct net_bridge *br,
999 struct net_bridge_port *port,
1000 @@ -549,6 +582,11 @@ static inline bool br_multicast_is_route
1004 +static inline bool br_multicast_querier_exists(struct net_bridge *br,
1005 + struct ethhdr *eth)
1009 static inline void br_mdb_init(void)
1012 --- a/net/bridge/br_sysfs_br.c
1013 +++ b/net/bridge/br_sysfs_br.c
1014 @@ -375,6 +375,31 @@ static ssize_t store_multicast_snooping(
1015 static DEVICE_ATTR(multicast_snooping, S_IRUGO | S_IWUSR,
1016 show_multicast_snooping, store_multicast_snooping);
1018 +static ssize_t show_multicast_query_use_ifaddr(struct device *d,
1019 + struct device_attribute *attr,
1022 + struct net_bridge *br = to_bridge(d);
1023 + return sprintf(buf, "%d\n", br->multicast_query_use_ifaddr);
1026 +static int set_query_use_ifaddr(struct net_bridge *br, unsigned long val)
1028 + br->multicast_query_use_ifaddr = !!val;
1033 +store_multicast_query_use_ifaddr(struct device *d,
1034 + struct device_attribute *attr,
1035 + const char *buf, size_t len)
1037 + return store_bridge_parm(d, buf, len, set_query_use_ifaddr);
1039 +static DEVICE_ATTR(multicast_query_use_ifaddr, S_IRUGO | S_IWUSR,
1040 + show_multicast_query_use_ifaddr,
1041 + store_multicast_query_use_ifaddr);
1043 static ssize_t show_multicast_querier(struct device *d,
1044 struct device_attribute *attr,
1046 @@ -734,6 +759,7 @@ static struct attribute *bridge_attrs[]
1047 &dev_attr_multicast_router.attr,
1048 &dev_attr_multicast_snooping.attr,
1049 &dev_attr_multicast_querier.attr,
1050 + &dev_attr_multicast_query_use_ifaddr.attr,
1051 &dev_attr_hash_elasticity.attr,
1052 &dev_attr_hash_max.attr,
1053 &dev_attr_multicast_last_member_count.attr,
1054 --- a/net/bridge/br_mdb.c
1055 +++ b/net/bridge/br_mdb.c
1057 #include <net/netlink.h>
1058 #if IS_ENABLED(CONFIG_IPV6)
1059 #include <net/ipv6.h>
1060 +#include <net/addrconf.h>
1063 #include "br_private.h"
1064 @@ -253,7 +254,7 @@ static bool is_valid_mdb_entry(struct br
1066 #if IS_ENABLED(CONFIG_IPV6)
1067 } else if (entry->addr.proto == htons(ETH_P_IPV6)) {
1068 - if (!ipv6_is_transient_multicast(&entry->addr.u.ip6))
1069 + if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6))
1073 @@ -414,16 +415,20 @@ static int __br_mdb_del(struct net_bridg
1074 if (!netif_running(br->dev) || br->multicast_disabled)
1077 - if (timer_pending(&br->multicast_querier_timer))
1080 ip.proto = entry->addr.proto;
1081 - if (ip.proto == htons(ETH_P_IP))
1082 + if (ip.proto == htons(ETH_P_IP)) {
1083 + if (timer_pending(&br->ip4_querier.timer))
1086 ip.u.ip4 = entry->addr.u.ip4;
1087 #if IS_ENABLED(CONFIG_IPV6)
1090 + if (timer_pending(&br->ip6_querier.timer))
1093 ip.u.ip6 = entry->addr.u.ip6;
1097 spin_lock_bh(&br->multicast_lock);
1098 mdb = mlock_dereference(br->mdb, br);
projects / openwrt.git / blob