Date:	Sat, 23 Feb 2013 18:18:56 +0000
From:	Adam Baker <linux@...er-net.org.uk>
To:	herbert@...dor.apana.org.au
CC:	Stephen Hemminger <shemminger@...tta.com>,
	bridge@...ts.linux-foundation.org, netdev@...r.kernel.org
Subject: Problem with multicast traffic when using network bridging

After upgrading the kernel on the box that acts as a bridge between my 
wireless and wired networks I observed that access to my UPnP media 
servers became unreliable.

I tried a number of kernel versions to attempt to establish when things 
went wrong and got as far as

3.4 - works
3.5.7 - doesn't work
3.6.11 - doesn't work
3.7.1 - doesn't work
3.7.6 - doesn't work

I can test other versions if required, but it doesn't always fail 
instantly and sometimes takes several hours before I notice it has 
failed, so don't expect a quick response.

All of the above are built with
CONFIG_BRIDGE_IGMP_SNOOPING=y

Knowing that I wasn't having problems with other traffic and the UPnP 
was the only protocol I use that relies on multicast I started looking 
at what changed in the file net/bridge/br_multicast.c and found the patch

bridge: Add multicast_querier toggle and disable queries by default
http://patchwork.ozlabs.org/patch/152295/

so tried

echo 1 >/sys/class/net/br0/bridge/multicast_querier

and after 48 hours of testing running kernel 3.7.6 it seems to be 
working reliably.

Whilst setting that value manually at boot time would be adequate to 
meet my needs it is reasonable to assume that vendors will build 
wireless access points using new kernels that would also exhibit this 
behaviour and users may not be able to get at the internals easily to 
change this configuration.

I therefore suspect that the assumption this patch makes that generating 
queries in the bridge is only an optimisation and isn't necessary isn't 
universally true.

Other details about my network configuration that may be relevant:
There are 2 UPnP media servers, one on the bridge machine and one on a 
machine on the wired network
There are 1 or 2 UPnP media control point / renderers, both on the 
wireless network
As I'm not using multicast on offsite links the IGMP proxy setting is 
disabled on my ADSL router (which is connected to the wired network)

Things I think are irrelevant but I'll mention just in case:
Bridge machine is a Marvell Kirkwood ARM5TE CPU
The wired network includes some homeplug connections

Have I done something unreasonable with my configuration or have I found 
a bug?

Thanks

Adam Baker
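
An added example, not part of the original message or of the kernel tree: a shell check that lists each bridge with IGMP snooping enabled and the querier toggle from the message switched off. It assumes the kernel's multicast_snooping attribute sits beside multicast_querier under the same bridge directory; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Report, per bridge, whether IGMP snooping is on while the bridge itself
# sends no IGMP queries (the state described in the message above).
# The sysfs root is a parameter so the check can run against a test tree.

# Prints one line per bridge: "<name> snooping=<v> querier=<v> <verdict>"
audit_bridge_queriers() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*/bridge; do
        [ -d "$dir" ] || continue      # not a bridge, or the glob matched nothing
        name=$(basename "$(dirname "$dir")")
        snoop_file="$dir/multicast_snooping"
        querier_file="$dir/multicast_querier"
        # The attributes are not exposed on this kernel: nothing to compare.
        if [ ! -r "$snoop_file" ] || [ ! -r "$querier_file" ]; then
            echo "$name snooping=n/a querier=n/a not-exposed"
            continue
        fi
        snoop=$(cat "$snoop_file")
        querier=$(cat "$querier_file")
        # Snooping without a bridge querier depends on some other device
        # on the segment sending IGMP queries.
        if [ "$snoop" = "1" ] && [ "$querier" = "0" ]; then
            verdict="no-bridge-querier"
        else
            verdict="ok"
        fi
        echo "$name snooping=$snoop querier=$querier $verdict"
    done
}

# Succeeds only when no bridge under the given root is flagged.
bridges_ok() {
    ! audit_bridge_queriers "$1" | grep -q ' no-bridge-querier$'
}
```

Calling audit_bridge_queriers with no argument reads /sys/class/net; a flagged bridge is only a problem when nothing else on the network sends IGMP queries.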