lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20110608084434.28bfc18c@nehalam.ftrdhcpuser.net>
Date:	Wed, 8 Jun 2011 08:44:34 -0700
From:	Stephen Hemminger <shemminger@...ux-foundation.org>
To:	Herbert Xu <herbert@...dor.hengli.com.au>
Cc:	netdev@...r.kernel.org
Subject: Fw: [Bridge] IGMP snooping not filtering multicast messages



Begin forwarded message:

Date: Tue, 31 May 2011 19:48:52 +0200 (CEST)
From: "maxd@...ind.it" <maxd@...ind.it>
To: bridge@...ts.linux-foundation.org
Subject: [Bridge] IGMP snooping not filtering multicast messages


Hi. I have a partial mesh network composed by Linux nodes. Each linux node may 
have up to 4 ethernet interfaces, which are exploited to create point-to-point 
connections with other linux nodes. I have bridged the ethernet interfaces in 
each node, so that the whole network, which is physically composed by a set of 
network segments, appears as a single layer-2 domain. I have enabled spanning 
tree to avoid loops. In this scenario, I would like to exploit the IGMP 
snooping functionality, but it seems that it is not working properly. I am 
using iperf to set a multicast source (iperf client) and a few multicast sinks 
in the network (iperf servers). I am using tcpdump, instead, to check where 
multicast messages are received. What I notice is that there is apparently no 
filtering of the multicast messages, that are always flooded in the network. I 
tried to repeat the test varying the multicast address (paying attention not to 
get reserved addresses), with and without multicast clients set, with the 
multicast_router option set to 1 (default) and to 0. To double check that IGMP 
is working, I have also tried to disable it; the only difference I see is that 
tcpdump does not show IGMP query messages when the IGMP snooping is disabled. 
So, I am wondering if the IGMP snooping implementation currently available can 
deal with my scenario. In particular, I would stress the following points that 
I think might be relevant:
-I have no multicast router in my network (it looks like a single stand-alone 
lan)
-Each node acts as a bridge, so I have multiple bridges in my network, 
connected each other.
Any idea would be greatly appreciated!

Massimiliano
_______________________________________________
Bridge mailing list
Bridge@...ts.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/bridge
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ