5ab4a6c81e
The below "jumbo" patch fixes the following problems in MLDv2. 1) Add necessary "ntohs" to recent "pskb_may_pull" check [breaks all nonzero source queries on little-endian (!)] 2) Add locking to source filter list [resend of prior patch] 3) fix "mld_marksources()" to a) send nothing when all queried sources are excluded b) send full exclude report when source queried sources are not excluded c) don't schedule a timer when there's nothing to report NOTE: RFC 3810 specifies the source list should be saved and each source reported individually as an IS_IN. This is an obvious DOS path, requiring the host to store and then multicast as many sources as are queried (e.g., millions...). This alternative sends a full, relevant report that's limited to number of sources present on the machine. 4) fix "add_grec()" to send empty-source records when it should The original check doesn't account for a non-empty source list with all sources inactive; the new code keeps that short-circuit case, and also generates the group header with an empty list if needed. 5) fix mca_crcount decrement to be after add_grec(), which needs its original value These issues (other than item #1 ;-) ) were all found by Yan Zheng, much thanks! Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
netfilter | ||
Kconfig | ||
Makefile | ||
addrconf.c | ||
af_inet6.c | ||
ah6.c | ||
anycast.c | ||
datagram.c | ||
esp6.c | ||
exthdrs.c | ||
exthdrs_core.c | ||
icmp.c | ||
inet6_hashtables.c | ||
ip6_fib.c | ||
ip6_flowlabel.c | ||
ip6_input.c | ||
ip6_output.c | ||
ip6_tunnel.c | ||
ipcomp6.c | ||
ipv6_sockglue.c | ||
ipv6_syms.c | ||
mcast.c | ||
ndisc.c | ||
netfilter.c | ||
proc.c | ||
protocol.c | ||
raw.c | ||
reassembly.c | ||
route.c | ||
sit.c | ||
sysctl_net_ipv6.c | ||
tcp_ipv6.c | ||
udp.c | ||
xfrm6_input.c | ||
xfrm6_output.c | ||
xfrm6_policy.c | ||
xfrm6_state.c | ||
xfrm6_tunnel.c |