linux/net/bridge
Linus Lüssing 6565b9eeef bridge: multicast: add sanity check for query source addresses
MLD queries are supposed to have an IPv6 link-local source address
according to RFC2710, section 4 and RFC3810, section 5.1.14. This patch
adds a sanity check to ignore such broken MLD queries.

Without this check, such malformed MLD queries can result in a
denial of service: The queries are ignored by any MLD listener
therefore they will not respond with an MLD report. However,
without this patch these malformed MLD queries would enable the
snooping part in the bridge code, potentially shutting down the
according ports towards these hosts for multicast traffic as the
bridge did not learn about these listeners.

Reported-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Reviewed-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-03-05 20:40:24 -05:00
..
netfilter netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
br_device.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_fdb.c bridge: Prevent possible race condition in br_fdb_change_mac_address 2014-02-10 14:34:34 -08:00
br_forward.c bridge: remove unnecessary parentheses 2013-12-19 19:27:26 -05:00
br_if.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_input.c bridge: Fix the way to find old local fdb entries in br_fdb_changeaddr 2014-02-10 14:34:33 -08:00
br_ioctl.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_mdb.c Revert "bridge: only expire the mdb entry when query is received" 2013-10-22 14:41:02 -04:00
br_multicast.c bridge: multicast: add sanity check for query source addresses 2014-03-05 20:40:24 -05:00
br_netfilter.c bridge: change "foo* bar" to "foo *bar" 2013-12-19 19:27:26 -05:00
br_netlink.c netlink: cleanup rntl_af_register 2014-01-01 23:42:19 -05:00
br_notify.c net: convert resend IGMP to notifier event 2013-07-23 16:52:47 -07:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_private.h bridge: Properly check if local fdb entry can be deleted when deleting vlan 2014-02-10 14:34:34 -08:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_stp_if.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_stp_timer.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_sysfs_br.c bridge: use DEVICE_ATTR_xx macros 2014-01-06 16:40:46 -05:00
br_sysfs_if.c bridge: change "foo* bar" to "foo *bar" 2013-12-19 19:27:26 -05:00
br_vlan.c bridge: Properly check if local fdb entry can be deleted when deleting vlan 2014-02-10 14:34:34 -08:00
br.c bridge: move br_net_exit() to br.c 2014-01-13 23:42:39 -08:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00