From: Daniel Borkmann <dborkman@redhat.com>
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Subject: Re: [PATCH net-next 4/8] net: ipv6: mld: implement RFC3810 MLDv2 mode only
Date: Tue, 03 Sep 2013 23:16:27 +0200
Message-ID: <522651AB.1000504@redhat.com>
In-Reply-To: <20130903210011.GB28889@order.stressinduktion.org>

On 09/03/2013 11:00 PM, Hannes Frederic Sowa wrote:
> Hi Daniel!
>
> On Tue, Sep 03, 2013 at 09:59:34AM +0200, Daniel Borkmann wrote:
>> RFC3810, 10. Security Considerations says under subsection 10.1.
>> Query Message:
>>
>>    A forged Version 1 Query message will put MLDv2 listeners on that
>>    link in MLDv1 Host Compatibility Mode. This scenario can be avoided
>>    by providing MLDv2 hosts with a configuration option to ignore
>>    Version 1 messages completely.
>>
>> Hence, implement a MLDv2-only mode that will ignore MLDv1 traffic:
>>
>>    echo 2 > /proc/sys/net/ipv6/conf/ethX/force_mld_version
>
> I just played around with MLDv2-only mode and noticed that the commit message
> diverges from the code:
>
>> diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
>> index 005b22f..02cd0c5 100644
>> --- a/net/ipv6/mcast.c
>> +++ b/net/ipv6/mcast.c
>> @@ -1112,9 +1112,21 @@ static bool mld_marksources(struct ifmcaddr6 *pmc, int nsrcs,
>>   	return true;
>>   }
>>
>> +static bool mld_in_v2_mode_only(const struct inet6_dev *idev)
>> +{
>> +	return dev_net(idev->dev)->ipv6.devconf_all->force_mld_version == 2;
>
> Maybe something like
>
> int val = idev->cnf.force_mld_version ?: dev_net(idev->dev)->ipv6.devconf_all->force_mld_version;
> return val == 2;

Hm, true, thanks for spotting. I think it makes sense, first check for individual idev
setting, then for whole namespace. I will update the series and send v2.

>> +}
>> +
>> +static bool mld_in_v1_mode_only(const struct inet6_dev *idev)
>> +{
>> +	return dev_net(idev->dev)->ipv6.devconf_all->force_mld_version == 1;
>
> Likewise.
>
>> +}
>> +
>>   static bool mld_in_v1_mode(const struct inet6_dev *idev)
>>   {
>> -	if (dev_net(idev->dev)->ipv6.devconf_all->force_mld_version == 1)
>> +	if (mld_in_v2_mode_only(idev))
>> +		return false;
>> +	if (mld_in_v1_mode_only(idev))
>>   		return true;
>>   	if (idev->cnf.force_mld_version == 1)
>>   		return true;
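
Review bot: mld_in_v2_mode_only() and mld_in_v1_mode_only() read only devconf_all->force_mld_version, so the per-interface setting shown in the commit message (echo 2 > /proc/sys/net/ipv6/conf/ethX/force_mld_version) never enables MLDv2-only mode; with only idev->cnf.force_mld_version set to 2, mld_in_v1_mode() falls through to its remaining checks as if nothing were configured. The precedence in mld_in_v1_mode() is also uneven: devconf_all == 2 overrides idev->cnf.force_mld_version == 1, while idev->cnf.force_mld_version == 2 is never consulted. Suggest resolving one effective value, per-interface first with the namespace-wide value as fallback, and having both helpers compare against it; the trailing "if (idev->cnf.force_mld_version == 1)" check is then redundant and can go. A one-line comment on the helpers stating that precedence would keep the sysctl semantics clear.
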
>
> This last if statement could be dropped then.
>
> Thanks,
>
>    Hannes
>
