lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 30 Mar 2008 13:05:36 -0700
From:	David Stevens <dlstevens@...ibm.com>
To:	YOSHIFUJI Hideaki / 吉藤英明 
	<yoshfuji@...ux-ipv6.org>
Cc:	davem@...emloft.net, netdev@...r.kernel.org,
	yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH 2.6] [IPV6] MCAST: Ensure to check multicast listener(s).

YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org> wrote on 03/30/2008 
07:12:47 AM:

> In article 
<OFA7B9706D.1E52ED5D-ON8825741C.004BE625-8825741C.004BFD53@...ibm.
> com> (at Sun, 30 Mar 2008 06:49:58 -0700), David Stevens 
<dlstevens@...ibm.com> says:
> 
> >  > After commit ae7bf20a6316272acfcaef5d265b18aaa54b41e4, all packets
> > > for multicast destinations are delivered to upper layer if
> > > IFF_PROMISC or IFF_ALLMULTI is set.
> > 
> >         Isn't that the intent of IFF_PROMISC and IFF_ALLMULTI?
> 
> Original intent for that flag check was for optimization.
> This was assuming, WITHOUT those flags, L2 appropriately filters
> unwanted multicast packets; not true.
> 
> L2 is expected to pass all multicast to L3, but even with those flags,
> we should filter them according to our listeners, upper layer
> (extension header etc.) should not see them.

Yoshifuji-san,
        I would assume that IFF_PROMISC or IFF_ALLMULTI means that an
INADDR_ANY listener would receive all multicasts on the link, not
just ones for groups that have been joined. This would be particularly
useful for older version multicast routers or monitoring programs.
Doesn't your change remove this capability?
        If the flags are not set, the check for group membership is
done. My concern is that when one or both are set, your change
appears to prevent delivery of multicasts that currently are
delivered, meaning that you can't write an application that, for
example, monitors all multicast packets, short of joining all
groups or using a packet socket. If the IFF_ALLMULTI flag isn't
equivalent, for INADDR_ANY-bound sockets, of joining all groups,
then I don't see that it has any purpose at all.

                                                                +-DLS

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ