Commit 20a599bec95a52fa72432b2376a2ce47c5bb68fb

Authored by Linus Lüssing
Committed by David S. Miller
1 parent 9ed973cc40

bridge: multicast: enable snooping on general queries only

Without this check someone could easily create a denial of service
by injecting multicast-specific queries to enable the bridge
snooping part if no real querier issuing periodic general queries
is present on the link which would result in the bridge wrongly
shutting down ports for multicast traffic as the bridge did not learn
about these listeners.

With this patch the snooping code is enabled upon receiving valid,
general queries only.

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 5 additions and 3 deletions

net/bridge/br_multicast.c
... ... @@ -1127,9 +1127,10 @@
1127 1127 struct net_bridge_port *port,
1128 1128 struct bridge_mcast_querier *querier,
1129 1129 int saddr,
  1130 + bool is_general_query,
1130 1131 unsigned long max_delay)
1131 1132 {
1132   - if (saddr)
  1133 + if (saddr && is_general_query)
1133 1134 br_multicast_update_querier_timer(br, querier, max_delay);
1134 1135 else if (timer_pending(&querier->timer))
1135 1136 return;
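Review bot: with the new condition `if (saddr && is_general_query)`, a group-specific query that carries a non-zero source now takes the `else if (timer_pending(&querier->timer))` branch, which before this change was reached only with a zero source. When no querier timer is pending, such a query falls through to the code after the `return`, which is outside the visible context; please confirm that path is intended for specific queries, and add a short comment above the `if` saying why only general queries refresh the querier timer. Minor style point: the signature now mixes `int saddr` with `bool is_general_query` although both are used as flags (the callers pass `!!iph->saddr` and `!ipv6_addr_any(...)`), so `saddr` could become `bool` as well.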
... ... @@ -1190,7 +1191,7 @@
1190 1191 }
1191 1192  
1192 1193 br_multicast_query_received(br, port, &br->ip4_querier, !!iph->saddr,
1193   - max_delay);
  1194 + !group, max_delay);
1194 1195  
1195 1196 if (!group)
1196 1197 goto out;
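Review bot: the `!group,` argument is the only general-query test visible on the IPv4 path, while the commit message says snooping is enabled on valid general queries only. If any further validity check applies to IPv4 general queries (none appears in this hunk's context), it should be evaluated before this call; otherwise a comment stating that a zero group is the whole test would help. A named local, as the IPv6 call site uses with `is_general_query`, would also make the two call sites read alike.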
... ... @@ -1282,7 +1283,8 @@
1282 1283 }
1283 1284  
1284 1285 br_multicast_query_received(br, port, &br->ip6_querier,
1285   - !ipv6_addr_any(&ip6h->saddr), max_delay);
  1286 + !ipv6_addr_any(&ip6h->saddr),
  1287 + is_general_query, max_delay);
1286 1288  
1287 1289 if (!group)
1288 1290 goto out;
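Review bot: `is_general_query` is passed here but is neither declared nor assigned inside the visible context, so the call depends on it being set on every path that reaches this point; worth checking when applying. The next statement still tests `if (!group)`, a different expression from the flag just passed. If the two can disagree for some packet, a comment saying which one governs the querier timer and which one governs the `goto out` would make the intent clear.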