lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 17 Jun 2011 13:39:01 +0900
From:	Fernando Luis Vazquez Cao <fernando@....ntt.co.jp>
To:	David Miller <davem@...emloft.net>
Cc:	herbert@...dor.hengli.com.au, shemminger@...tta.com,
	netdev@...r.kernel.org, kakuta.hayato@....ntt.co.jp
Subject: Re: [PATCH 1/2] IGMP snooping: set mrouters_only flag for IPv4
 traffic properly

David Miller <davem@...emloft.net> wrote:
> From: Fernando Luis Vázquez Cao <fernando@....ntt.co.jp>
> Date: Tue, 14 Jun 2011 10:04:43 +0900
> 
> > Upon reception of a IGMP/IGMPv2 membership report the kernel sets the
> > mrouters_only flag in a skb that may be a clone of the original skb, which
> > means that sometimes the bridge loses track of membership report packets (cb
> > buffers are tied to a specific skb and not shared) and it ends up forwading
> > join requests to the bridge interface.
> > 
> > This can cause unexpected membership timeouts and intermitent/permanent loss
> > of connectivity as described in RFC 4541 [2.1.1. IGMP Forwarding Rules]:
> > 
> >     A snooping switch should forward IGMP Membership Reports only to
> >     those ports where multicast routers are attached.
> >     [...]
> >     Sending membership reports to other hosts can result, for IGMPv1
> >     and IGMPv2, in unintentionally preventing a host from joining a
> >     specific multicast group.
> > 
> > 
> > Signed-off-by: Fernando Luis Vazquez Cao <fernando@....ntt.co.jp>
> > Tested-by: Hayato Kakuta <kakuta.hayato@....ntt.co.jp>
> 
> Applied.

Thank you David.

By the way, What kernel version(s) are you targeting for these two
patches. It would be great if we could get them upstream before 3.0
comes out. Without this fix the IGMP snooping code is simply unusable in
certain configurations.

- Fernando

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ