Date:   Mon, 18 Feb 2019 11:18:29 +0100
From:   Sebastian Gottschall <s.gottschall@...media-net.de>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Ying Xu <yinxu@...hat.com>, Hangbin Liu <liuhangbin@...il.com>,
        Nikolay Aleksandrov <nikolay@...ulusnetworks.com>,
        Roopa Prabhu <roopa@...ulusnetworks.com>,
        "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH 4.19 01/24] bridge: do not add port to router list when
 receives query with source 0.0.0.0


On 17.02.2019 at 17:48, Greg Kroah-Hartman wrote:
> On Sun, Feb 17, 2019 at 03:29:22PM +0100, Sebastian Gottschall wrote:
>> According to user reports this patch will cause a serious regression. IGMP
>> snooping is not working anymore with this patch.
>>
>> On 02.11.2018 at 19:34, Greg Kroah-Hartman wrote:
>>> 4.19-stable review patch.  If anyone has any objections, please let me
>>> know.
>>>
>>> ------------------
>>>
>>> From: Hangbin Liu <liuhangbin@...il.com>
>>>
>>> [ Upstream commit 5a2de63fd1a59c30c02526d427bc014b98adf508 ]
>>>
>>> Based on RFC 4541, 2.1.1.  IGMP Forwarding Rules
>>>
>>>     The switch supporting IGMP snooping must maintain a list of
>>>     multicast routers and the ports on which they are attached.  This
>>>     list can be constructed in any combination of the following ways:
>>>
>>>     a) This list should be built by the snooping switch sending
>>>        Multicast Router Solicitation messages as described in IGMP
>>>        Multicast Router Discovery [MRDISC].  It may also snoop
>>>        Multicast Router Advertisement messages sent by and to other
>>>        nodes.
>>>
>>>     b) The arrival port for IGMP Queries (sent by multicast routers)
>>>        where the source address is not 0.0.0.0.
>>>
>>> We should not add the port to router list when receives query with source
>>> 0.0.0.0.
>>>
>>> Reported-by: Ying Xu <yinxu@...hat.com>
>>> Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
>>> Acked-by: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
>>> Acked-by: Roopa Prabhu <roopa@...ulusnetworks.com>
>>> Signed-off-by: David S. Miller <davem@...emloft.net>
>>> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>>> ---
>>>    net/bridge/br_multicast.c |   10 +++++++++-
>>>    1 file changed, 9 insertions(+), 1 deletion(-)
>>>
>>> --- a/net/bridge/br_multicast.c
>>> +++ b/net/bridge/br_multicast.c
>>> @@ -1420,7 +1420,15 @@ static void br_multicast_query_received(
>>>            return;
>>>        br_multicast_update_query_timer(br, query, max_delay);
>>> -    br_multicast_mark_router(br, port);
>>> +
>>> +    /* Based on RFC4541, section 2.1.1 IGMP Forwarding Rules,
>>> +     * the arrival port for IGMP Queries where the source address
>>> +     * is 0.0.0.0 should not be added to router port list.
>>> +     */
>>> +    if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) ||
>>> +        (saddr->proto == htons(ETH_P_IPV6) &&
>>> +         !ipv6_addr_any(&saddr->u.ip6)))
>>> +        br_multicast_mark_router(br, port);
>>>    }
>>>    static void br_ip4_multicast_query(struct net_bridge *br,
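Review bot: The call to br_multicast_update_query_timer(br, query, max_delay) stays unconditional above the new if in br_multicast_query_received(), so a query with source 0.0.0.0 (or the IPv6 unspecified address) that reaches this point still refreshes the query timer while its arrival port is no longer handed to br_multicast_mark_router(). If that sender is the only querier on the segment, nothing in the visible lines puts its port on the router list, which raises the question of whether reports are still forwarded toward it. Please either explain in the comment why that combination is safe or treat the two calls consistently. Two smaller points: the comment speaks only of IGMP and 0.0.0.0 although the condition also covers ETH_P_IPV6, and the bare saddr->u.ip4 test would read more clearly as an explicit comparison against htonl(INADDR_ANY).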
> Is this also a problem in 4.20?  This patch went into 4.20-rc1, so it
> has been around for a while with no reported issues that I can find.
> Any pointers to the reports?

I need to check this. I found this patch in 4.9, 4.14 and 4.4.
The rest was picked up from the mailing list. According to the git
sources of 4.20 and 5.0 the same code is in there as well.

I just got the report from users today and was able to reproduce it with
IPTV streams. Just by disabling the code it was working again.

Sebastian
>
> thanks,
>
> greg k-h
>
