From: Johannes Berg <johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
To: Julian Anastasov <ja-FgGsKACvmQM@public.gmane.org>
Cc: David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [RFC] net: ipv4: drop unicast encapsulated in L2 multicast
Date: Wed, 27 Aug 2014 13:29:27 +0200 [thread overview]
Message-ID: <1409138967.2505.11.camel@jlt4.sipsolutions.net> (raw)
In-Reply-To: <alpine.LFD.2.11.1408271255230.2348-c1lBKlETG9EWAawoAK+ZAw@public.gmane.org>
On Wed, 2014-08-27 at 13:23 +0300, Julian Anastasov wrote:
> CLUSTERIP works in LOCAL_IN. My preference is to
> add checks in every protocol where it is missing but if
> you prefer a global check, ip_local_deliver_finish() is
> a good place: CLUSTERIP already changed pkt_type to
> PACKET_HOST. For example:
>
> if (!(skb_rtable(skb)->rt_flags &
> (RTCF_BROADCAST | RTCF_MULTICAST)) &&
> (skb->pkt_type == PACKET_BROADCAST ||
> skb->pkt_type == PACKET_MULTICAST)) {
> kfree_skb(skb);
> return;
> }
>
> By this way we protect the local stack globally.
I suppose that'd work then?
> BTW, what kind of packets (protocol) we want to drop? UDP?
All IP protocols, this comes either from the IPv4 RFC (1122) or from the
wireless issue which affects all protocols.
> As for ip_forward(), there is already check for
> PACKET_HOST.
>
> Not sure, may be a MIB counter for such drops
> would be useful.
Yeah, maybe, not sure.
johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-08-27 11:29 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-21 17:22 [RFC] net: ipv4: drop unicast encapsulated in L2 multicast Johannes Berg
2014-08-21 17:32 ` Johannes Berg
[not found] ` <1408642331.4388.2.camel-8Nb76shvtaUJvtFkdXX2HixXY32XiHfO@public.gmane.org>
2014-08-27 7:38 ` Hannes Frederic Sowa
2014-08-27 9:05 ` Johannes Berg
2014-08-27 9:53 ` Hannes Frederic Sowa
2014-09-02 9:36 ` Johannes Berg
2014-09-03 1:59 ` YOSHIFUJI Hideaki
[not found] ` <540675F2.1030308-GmhWrQMWH5w7YuNMryXyOw@public.gmane.org>
2014-09-02 22:03 ` David Miller
[not found] ` <20140902.150326.1420682815750767731.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2014-09-03 12:01 ` Hannes Frederic Sowa
2014-08-21 19:51 ` Julian Anastasov
[not found] ` <alpine.LFD.2.11.1408212119510.1896-c1lBKlETG9EWAawoAK+ZAw@public.gmane.org>
2014-08-22 17:54 ` David Miller
2014-08-27 9:13 ` Johannes Berg
[not found] ` <1409130792.2505.5.camel-8Nb76shvtaUJvtFkdXX2HixXY32XiHfO@public.gmane.org>
2014-08-27 10:23 ` Julian Anastasov
[not found] ` <alpine.LFD.2.11.1408271255230.2348-c1lBKlETG9EWAawoAK+ZAw@public.gmane.org>
2014-08-27 11:29 ` Johannes Berg [this message]
2014-08-27 14:31 ` Julian Anastasov
2014-09-02 9:33 ` Johannes Berg
[not found] ` <20140822.105405.1982870131653082781.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2014-11-20 21:31 ` Johannes Berg
[not found] ` <1408641747-22199-1-git-send-email-johannes-cdvu00un1VgdHxzADdlk8Q@public.gmane.org>
2014-09-02 21:16 ` Stephen Hemminger
2014-09-03 9:40 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1409138967.2505.11.camel@jlt4.sipsolutions.net \
--to=johannes-cdvu00un1vgdhxzaddlk8q@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=ja-FgGsKACvmQM@public.gmane.org \
--cc=linux-wireless-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).