Re: [PATCHv2 2/2] bridge: multicast: enable snooping on general queries only
From: David Miller
Date: Tue Mar 11 2014 - 23:23:48 EST
From: Linus Lüssing <linus.luessing@xxxxxx>
Date: Mon, 10 Mar 2014 22:25:25 +0100
> Without this check someone could easily create a denial of service
> by injecting multicast-specific queries to enable the bridge
> snooping part if no real querier issuing periodic general queries
> is present on the link which would result in the bridge wrongly
> shutting down ports for multicast traffic as the bridge did not learn
> about these listeners.
>
> With this patch the snooping code is enabled upon receiving valid,
> general queries only.
>
> Signed-off-by: Linus Lüssing <linus.luessing@xxxxxx>
Applied.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/