From: Stephen Hemminger <stephen@networkplumber.org>
To: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Cc: netdev@vger.kernel.org, roopa@cumulusnetworks.com,
bridge@lists.linux-foundation.org, yinxu@redhat.com,
liuhangbin@gmail.com, davem@davemloft.net
Subject: Re: [Bridge] [PATCH net] net: bridge: remove ipv6 zero address check in mcast queries
Date: Sun, 28 Oct 2018 08:20:23 -0700 [thread overview]
Message-ID: <20181028082023.222fac71@xeon-e3> (raw)
In-Reply-To: <20181027090747.22104-1-nikolay@cumulusnetworks.com>
On Sat, 27 Oct 2018 12:07:47 +0300
Nikolay Aleksandrov <nikolay@cumulusnetworks.com> wrote:
> Recently a check was added which prevents marking of routers with zero
> source address, but for IPv6 that cannot happen as the relevant RFCs
> actually forbid such packets:
> RFC 2710 (MLDv1):
> "To be valid, the Query message MUST
> come from a link-local IPv6 Source Address, be at least 24 octets
> long, and have a correct MLD checksum."
>
> Same goes for RFC 3810.
>
> And also it can be seen as a requirement in ipv6_mc_check_mld_query()
> which is used by the bridge to validate the message before processing
> it. Thus any queries with :: source address won't be processed anyway.
> So just remove the check for zero IPv6 source address from the query
> processing function.
>
> Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0")
> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
What about a broken/malicious sender? Could an all zero source be used
to poison the multicast table?
next prev parent reply other threads:[~2018-10-28 15:20 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-27 0:50 [net:master 17/19] net//bridge/br_multicast.c:1432:32: error: 'union <anonymous>' has no member named 'ip6'; did you mean 'ip4'? kbuild test robot
2018-10-27 7:10 ` Nikolay Aleksandrov
2018-10-27 9:07 ` [Bridge] [PATCH net] net: bridge: remove ipv6 zero address check in mcast queries Nikolay Aleksandrov
2018-10-27 9:07 ` Nikolay Aleksandrov
2018-10-28 15:20 ` Stephen Hemminger [this message]
2018-10-28 16:09 ` [Bridge] " Nikolay Aleksandrov
2018-10-29 1:33 ` Hangbin Liu
2018-10-29 1:33 ` Hangbin Liu
2018-12-13 16:10 ` [Bridge] " Linus Lüssing
2018-12-13 16:10 ` Linus Lüssing
2018-12-14 2:32 ` Ying Xu
2018-12-14 2:32 ` Ying Xu
2018-12-17 13:15 ` [Bridge] " Linus Lüssing
2018-12-17 13:15 ` Linus Lüssing
2019-02-21 8:01 ` Hangbin Liu
2019-02-21 8:01 ` Hangbin Liu
2019-02-21 13:20 ` Nikolay Aleksandrov
2019-02-21 13:20 ` Nikolay Aleksandrov
2019-02-22 7:57 ` Hangbin Liu
2019-02-22 7:57 ` Hangbin Liu
2019-02-22 11:16 ` Nikolay Aleksandrov
2019-02-22 11:16 ` Nikolay Aleksandrov
2019-02-22 12:49 ` Hangbin Liu
2019-02-22 12:49 ` Hangbin Liu
2018-10-29 2:18 ` David Miller
2018-10-29 2:18 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181028082023.222fac71@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=liuhangbin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nikolay@cumulusnetworks.com \
--cc=roopa@cumulusnetworks.com \
--cc=yinxu@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.