lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2017 11:30:54 -0400 From: Vivien Didelot <vivien.didelot@...oirfairelinux.com> To: Andrew Lunn <andrew@...n.ch>, Elad Raz <eladr@...lanox.com>, Ido Schimmel <idosch@...lanox.com>, Jiri Pirko <jiri@...lanox.com>, Nikolay Aleksandrov <nikolay@...ulusnetworks.com> Cc: netdev <netdev@...r.kernel.org>, Florian Fainelli <f.fainelli@...il.com> Subject: Re: IGMP snooping, switchdev and local multicast receiver on br interface Hi All, Andrew Lunn <andrew@...n.ch> writes: > I've been testing IGMP snooping support with DSA, putting MDB entries > into the switch so that traffic only goes out ports where there has > been an interest indicated via IGMP. It mostly works, but i've come > across one use case which does not. > > I have a multicast listener running on the host, performing a > setsockopt(IP_ADD_MEMBERSHIP) on the bridge interface. It is not an > unreasonable thing to want to do, e.g. a WiFi access point listening > to mDNS, or running other multicast protocols, a STB wanting to > receive a multicast video stream to display on the set, etc. > > I'm not seeing any switchdev operations when the IP_ADD_MEMBERSHIP is > called. So there is no indication that the switch should add an MDB > entry to forward traffic to the host. > > Im i missing something, or is this not implemented? I follow Andrew's question with another multicast issue I'm having: It seems like there is no way to add a multicast group via its MAC address. All iproute2 and kernel bridge code assumes IP multicast (0x0800 IPv4 and 0x86DD IPv6.) But there are valid cases where you might want to add an L2 multicast group on a specific VLAN ID, e.g. for 0x88F7 PTP, 0x88BA Multicast sampled values, one of the 802.1D reserved 01-80-C2-* addresses, or any proprietary protocol addresses. There is the ip-maddress VLAN-unaware tool using RTM_NEWADDR which isn't bound to switchdev, or bridge-mdb which only accepts a IPv4 or IPv6 grp. I tried to hack a PoC in iproute2 (http://ix.io/yuJ) but the kernel counterpart is not trivial at all. *br_mdb_entry only play with br_ip... Any thoughts on this? Regards, Vivien
Powered by blists - more mailing lists