* [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
@ 2016-06-24 10:35 Daniel Danzberger
2016-06-24 13:24 ` Linus Lüssing
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Daniel Danzberger @ 2016-06-24 10:35 UTC (permalink / raw)
To: bridge, netdev, linux-kernel
Cc: stephen, davem, linus.luessing, Daniel Danzberger
The bridge is falsly dropping ipv6 mulitcast packets if there is:
1. No ipv6 address assigned on the brigde.
2. No external mld querier present.
3. The internal querier enabled.
When the bridge fails to build mld queries, because it has no
ipv6 address, it slilently returns, but keeps the local querier enabled.
This specific case causes confusing packet loss.
Ipv6 multicast snooping can only work if:
a) An external querier is present
OR
b) The bridge has an ipv6 address an is capable of sending own queries
Otherwise it has to forward/flood the ipv6 multicast traffic,
because snooping cannot work.
This patch fixes the issue by adding a flag to the bridge struct that
indicates that there is currently no ipv6 address assinged to the bridge
and returns a false state for the local querier in
__br_multicast_querier_exists().
Special thanks to Linus Lüssing.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
---
net/bridge/br_multicast.c | 4 ++++
net/bridge/br_private.h | 23 +++++++++++++++++++----
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 6852f3c..4384414 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -464,8 +464,11 @@ static struct sk_buff *br_ip6_multicast_alloc_query(struct net_bridge *br,
if (ipv6_dev_get_saddr(dev_net(br->dev), br->dev, &ip6h->daddr, 0,
&ip6h->saddr)) {
kfree_skb(skb);
+ br->has_ipv6_addr = 0;
return NULL;
}
+
+ br->has_ipv6_addr = 1;
ipv6_eth_mc_map(&ip6h->daddr, eth->h_dest);
hopopt = (u8 *)(ip6h + 1);
@@ -1745,6 +1748,7 @@ void br_multicast_init(struct net_bridge *br)
br->ip6_other_query.delay_time = 0;
br->ip6_querier.port = NULL;
#endif
+ br->has_ipv6_addr = 1;
spin_lock_init(&br->multicast_lock);
setup_timer(&br->multicast_router_timer,
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index c7fb5d7..52edecf 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -314,6 +314,7 @@ struct net_bridge
u8 multicast_disabled:1;
u8 multicast_querier:1;
u8 multicast_query_use_ifaddr:1;
+ u8 has_ipv6_addr:1;
u32 hash_elasticity;
u32 hash_max;
@@ -588,10 +589,22 @@ static inline bool br_multicast_is_router(struct net_bridge *br)
static inline bool
__br_multicast_querier_exists(struct net_bridge *br,
- struct bridge_mcast_other_query *querier)
+ struct bridge_mcast_other_query *querier,
+ const bool is_ipv6)
{
+ bool own_querier_enabled;
+
+ if (br->multicast_querier) {
+ if (is_ipv6 && !br->has_ipv6_addr)
+ own_querier_enabled = false;
+ else
+ own_querier_enabled = true;
+ } else {
+ own_querier_enabled = false;
+ }
+
return time_is_before_jiffies(querier->delay_time) &&
- (br->multicast_querier || timer_pending(&querier->timer));
+ (own_querier_enabled || timer_pending(&querier->timer));
}
static inline bool br_multicast_querier_exists(struct net_bridge *br,
@@ -599,10 +612,12 @@ static inline bool br_multicast_querier_exists(struct net_bridge *br,
{
switch (eth->h_proto) {
case (htons(ETH_P_IP)):
- return __br_multicast_querier_exists(br, &br->ip4_other_query);
+ return __br_multicast_querier_exists(br,
+ &br->ip4_other_query, false);
#if IS_ENABLED(CONFIG_IPV6)
case (htons(ETH_P_IPV6)):
- return __br_multicast_querier_exists(br, &br->ip6_other_query);
+ return __br_multicast_querier_exists(br,
+ &br->ip6_other_query, true);
#endif
default:
return false;
--
2.1.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
2016-06-24 10:35 [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address Daniel Danzberger
@ 2016-06-24 13:24 ` Linus Lüssing
2016-06-25 14:20 ` Linus Lüssing
2016-06-28 9:48 ` David Miller
2 siblings, 0 replies; 6+ messages in thread
From: Linus Lüssing @ 2016-06-24 13:24 UTC (permalink / raw)
To: Daniel Danzberger; +Cc: bridge, netdev, linux-kernel, stephen, davem
On Fri, Jun 24, 2016 at 12:35:18PM +0200, Daniel Danzberger wrote:
> The bridge is falsly dropping ipv6 mulitcast packets if there is:
> 1. No ipv6 address assigned on the brigde.
> 2. No external mld querier present.
> 3. The internal querier enabled.
>
> When the bridge fails to build mld queries, because it has no
> ipv6 address, it slilently returns, but keeps the local querier enabled.
> This specific case causes confusing packet loss.
>
> Ipv6 multicast snooping can only work if:
> a) An external querier is present
> OR
> b) The bridge has an ipv6 address an is capable of sending own queries
>
> Otherwise it has to forward/flood the ipv6 multicast traffic,
> because snooping cannot work.
>
> This patch fixes the issue by adding a flag to the bridge struct that
> indicates that there is currently no ipv6 address assinged to the bridge
> and returns a false state for the local querier in
> __br_multicast_querier_exists().
Acked-by: Linus Lüssing <linus.luessing@c0d3.blue>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
2016-06-24 10:35 [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address Daniel Danzberger
2016-06-24 13:24 ` Linus Lüssing
@ 2016-06-25 14:20 ` Linus Lüssing
2016-06-28 12:04 ` David Miller
2016-06-28 9:48 ` David Miller
2 siblings, 1 reply; 6+ messages in thread
From: Linus Lüssing @ 2016-06-25 14:20 UTC (permalink / raw)
To: Daniel Danzberger
Cc: bridge, netdev, linux-kernel, stephen, davem, Ulrich Weber, Ulrich Weber
On Fri, Jun 24, 2016 at 12:35:18PM +0200, Daniel Danzberger wrote:
> The bridge is falsly dropping ipv6 mulitcast packets if there is:
> 1. No ipv6 address assigned on the brigde.
> 2. No external mld querier present.
> 3. The internal querier enabled.
>
> When the bridge fails to build mld queries, because it has no
> ipv6 address, it slilently returns, but keeps the local querier enabled.
> This specific case causes confusing packet loss.
>
> Ipv6 multicast snooping can only work if:
> a) An external querier is present
> OR
> b) The bridge has an ipv6 address an is capable of sending own queries
>
> Otherwise it has to forward/flood the ipv6 multicast traffic,
> because snooping cannot work.
>
> This patch fixes the issue by adding a flag to the bridge struct that
> indicates that there is currently no ipv6 address assinged to the bridge
> and returns a false state for the local querier in
> __br_multicast_querier_exists().
Fixes: 1d81d4c3dd88 ("bridge: check return value of ipv6_dev_get_saddr()")
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
2016-06-24 10:35 [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address Daniel Danzberger
2016-06-24 13:24 ` Linus Lüssing
2016-06-25 14:20 ` Linus Lüssing
@ 2016-06-28 9:48 ` David Miller
2 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2016-06-28 9:48 UTC (permalink / raw)
To: daniel; +Cc: bridge, netdev, linux-kernel, stephen, linus.luessing
From: Daniel Danzberger <daniel@dd-wrt.com>
Date: Fri, 24 Jun 2016 12:35:18 +0200
> The bridge is falsly dropping ipv6 mulitcast packets if there is:
> 1. No ipv6 address assigned on the brigde.
> 2. No external mld querier present.
> 3. The internal querier enabled.
>
> When the bridge fails to build mld queries, because it has no
> ipv6 address, it slilently returns, but keeps the local querier enabled.
> This specific case causes confusing packet loss.
>
> Ipv6 multicast snooping can only work if:
> a) An external querier is present
> OR
> b) The bridge has an ipv6 address an is capable of sending own queries
>
> Otherwise it has to forward/flood the ipv6 multicast traffic,
> because snooping cannot work.
>
> This patch fixes the issue by adding a flag to the bridge struct that
> indicates that there is currently no ipv6 address assinged to the bridge
> and returns a false state for the local querier in
> __br_multicast_querier_exists().
>
> Special thanks to Linus Lüssing.
>
> Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Applied.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
2016-06-25 14:20 ` Linus Lüssing
@ 2016-06-28 12:04 ` David Miller
2016-06-28 13:22 ` Linus Lüssing
0 siblings, 1 reply; 6+ messages in thread
From: David Miller @ 2016-06-28 12:04 UTC (permalink / raw)
To: linus.luessing
Cc: daniel, bridge, netdev, linux-kernel, stephen, uw, ulrich.weber
From: Linus Lüssing <linus.luessing@c0d3.blue>
Date: Sat, 25 Jun 2016 16:20:28 +0200
> On Fri, Jun 24, 2016 at 12:35:18PM +0200, Daniel Danzberger wrote:
>> The bridge is falsly dropping ipv6 mulitcast packets if there is:
>> 1. No ipv6 address assigned on the brigde.
>> 2. No external mld querier present.
>> 3. The internal querier enabled.
>>
>> When the bridge fails to build mld queries, because it has no
>> ipv6 address, it slilently returns, but keeps the local querier enabled.
>> This specific case causes confusing packet loss.
>>
>> Ipv6 multicast snooping can only work if:
>> a) An external querier is present
>> OR
>> b) The bridge has an ipv6 address an is capable of sending own queries
>>
>> Otherwise it has to forward/flood the ipv6 multicast traffic,
>> because snooping cannot work.
>>
>> This patch fixes the issue by adding a flag to the bridge struct that
>> indicates that there is currently no ipv6 address assinged to the bridge
>> and returns a false state for the local querier in
>> __br_multicast_querier_exists().
>
> Fixes: 1d81d4c3dd88 ("bridge: check return value of ipv6_dev_get_saddr()")
You're missing an initial 'd' in that SHA1-ID.
With that fixed, applied and queued up for -stable.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
2016-06-28 12:04 ` David Miller
@ 2016-06-28 13:22 ` Linus Lüssing
0 siblings, 0 replies; 6+ messages in thread
From: Linus Lüssing @ 2016-06-28 13:22 UTC (permalink / raw)
To: David Miller
Cc: daniel, bridge, netdev, linux-kernel, stephen, uw, ulrich.weber
On Tue, Jun 28, 2016 at 08:04:42AM -0400, David Miller wrote:
> From: Linus Lüssing <linus.luessing@c0d3.blue>
> [...]
> > Fixes: 1d81d4c3dd88 ("bridge: check return value of ipv6_dev_get_saddr()")
>
> You're missing an initial 'd' in that SHA1-ID.
>
> With that fixed, applied and queued up for -stable.
Sorry :(. Thanks for taking care of it!
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-06-28 13:22 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-24 10:35 [PATCH net] Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address Daniel Danzberger
2016-06-24 13:24 ` Linus Lüssing
2016-06-25 14:20 ` Linus Lüssing
2016-06-28 12:04 ` David Miller
2016-06-28 13:22 ` Linus Lüssing
2016-06-28 9:48 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).