lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Apr 2009 16:44:45 -0400 From: Neil Horman <nhorman@...driver.com> To: Christoph Lameter <cl@...ux.com> Cc: netdev@...r.kernel.org, David Miller <davem@...emloft.net> Subject: Re: [PATCH] Multicast: Avoid useless duplication of multicast messages On Tue, Apr 14, 2009 at 02:48:48PM -0400, Christoph Lameter wrote: > Neil: Could you test this? > I can and will, although it will take me a few days to get a system I can play with it on. I really don't think it needs much testing as it clearly provides the functionality that you describe. That said, I still disagree with the addition of this switch, as its superfolous. Programatically an application can do what you want without this change already .If you provide me with the test application that you've been working with, I can demonstrate exactly how. Regards Neil > > Subject: Multicast: Avoid useless duplication of multicast messages > > If two processes open the same port as a multicast socket and then > join two different multicast groups then traffic for both multicast groups > is forwarded to either process. This means that application will get surprising > data that they did not ask for. Applications will have to filter these out in > order to work correctly if multiple apps run on the same system. > > These are pretty strange semantics but they have been around since the > beginning of multicast support on Unix systems. > > Add an option > > igmp_mc_socket_based_filtering > > that is off by default so that the default behavior stays as is. > > If one wants to have sane multicast behavior for the above case > then this option can be set. Thereupon applications will not get > additional traffic forwarded to them if they happen to run on a host > where another application also receives multicast traffic from a > different multicast group. > > Signed-off-by: Christoph Lameter <cl@...ux.com> > > --- > Documentation/networking/ip-sysctl.txt | 10 ++++++++++ > include/linux/igmp.h | 1 + > include/linux/sysctl.h | 1 + > net/ipv4/igmp.c | 6 +++--- > net/ipv4/sysctl_net_ipv4.c | 8 ++++++++ > 5 files changed, 23 insertions(+), 3 deletions(-) > > Index: linux-2.6/net/ipv4/igmp.c > =================================================================== > --- linux-2.6.orig/net/ipv4/igmp.c 2009-04-14 13:03:14.000000000 -0500 > +++ linux-2.6/net/ipv4/igmp.c 2009-04-14 13:11:38.000000000 -0500 > @@ -1419,7 +1419,7 @@ static struct in_device *ip_mc_find_dev( > */ > int sysctl_igmp_max_memberships __read_mostly = IP_MAX_MEMBERSHIPS; > int sysctl_igmp_max_msf __read_mostly = IP_MAX_MSF; > - > +int sysctl_igmp_mc_socket_based_filtering = 0; > > static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, > __be32 *psfsrc) > @@ -2187,7 +2187,7 @@ int ip_mc_sf_allow(struct sock *sk, __be > struct ip_sf_socklist *psl; > int i; > > - if (!ipv4_is_multicast(loc_addr)) > + if (ipv4_is_lbcast(loc_addr) || !ipv4_is_multicast(loc_addr)) > return 1; > > for (pmc=inet->mc_list; pmc; pmc=pmc->next) { > @@ -2196,7 +2196,7 @@ int ip_mc_sf_allow(struct sock *sk, __be > break; > } > if (!pmc) > - return 1; > + return !sysctl_igmp_mc_socket_based_filtering; > psl = pmc->sflist; > if (!psl) > return pmc->sfmode == MCAST_EXCLUDE; > Index: linux-2.6/include/linux/igmp.h > =================================================================== > --- linux-2.6.orig/include/linux/igmp.h 2009-04-14 13:13:14.000000000 -0500 > +++ linux-2.6/include/linux/igmp.h 2009-04-14 13:41:14.000000000 -0500 > @@ -150,6 +150,7 @@ static inline struct igmpv3_query * > > extern int sysctl_igmp_max_memberships; > extern int sysctl_igmp_max_msf; > +extern int sysctl_igmp_mc_socket_based_filtering; > > struct ip_sf_socklist > { > Index: linux-2.6/include/linux/sysctl.h > =================================================================== > --- linux-2.6.orig/include/linux/sysctl.h 2009-04-14 13:15:57.000000000 -0500 > +++ linux-2.6/include/linux/sysctl.h 2009-04-14 13:16:49.000000000 -0500 > @@ -435,6 +435,7 @@ enum > NET_TCP_ALLOWED_CONG_CONTROL=123, > NET_TCP_MAX_SSTHRESH=124, > NET_TCP_FRTO_RESPONSE=125, > + NET_IPV4_IGMP_MC_SOCKET_BASED_FILTERING=126, > }; > > enum { > Index: linux-2.6/net/ipv4/sysctl_net_ipv4.c > =================================================================== > --- linux-2.6.orig/net/ipv4/sysctl_net_ipv4.c 2009-04-14 13:13:53.000000000 -0500 > +++ linux-2.6/net/ipv4/sysctl_net_ipv4.c 2009-04-14 13:15:44.000000000 -0500 > @@ -408,6 +408,14 @@ static struct ctl_table ipv4_table[] = { > .mode = 0644, > .proc_handler = proc_dointvec > }, > + { > + .ctl_name = NET_IPV4_IGMP_MC_SOCKET_BASED_FILTERING, > + .procname = "igmp_mc_socked_based_filtering", > + .data = &sysctl_igmp_mc_socket_based_filtering, > + .maxlen = sizeof(int), > + .mode = 0644, > + .proc_handler = proc_dointvec > + }, > > #endif > { > Index: linux-2.6/Documentation/networking/ip-sysctl.txt > =================================================================== > --- linux-2.6.orig/Documentation/networking/ip-sysctl.txt 2009-04-14 13:48:09.000000000 -0500 > +++ linux-2.6/Documentation/networking/ip-sysctl.txt 2009-04-14 13:53:10.000000000 -0500 > @@ -611,6 +611,16 @@ igmp_max_memberships - INTEGER > Change the maximum number of multicast groups we can subscribe to. > Default: 20 > > +igmp_mc_socket_based_filtering - INTEGER > + Use the list of subscribed multicast addresses to filter the traffic > + going to a multicast socket. If set to zero then multicast traffic > + is forwarded to any socket subscribed to a port number ignoring the > + list of multicast groups that a socket has been subscribed to. This mode > + is the default since it has been done that way in the past. > + If set to one then only multicast traffic of the multicast groups > + that a socket has joined are forwarded to the socket. > + Default: 0 > + > conf/interface/* changes special settings per interface (where "interface" is > the name of your network interface) > conf/all/* is special, changes the settings for all interfaces > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists