netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IPv6 multicast (MLD,IGMP) code bypasses netfilter hooks

from [Harald Welte] [Permanent Link][Original]
To: netdev@xxxxxxxxxxx
Subject: IPv6 multicast (MLD,IGMP) code bypasses netfilter hooks
From: Harald Welte <laforge@xxxxxxxxxxxxx>
Date: Sat, 22 Nov 2003 10:03:30 +0100
Cc: Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
Mail-followup-to: Harald Welte <laforge@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.4i 
Hi!

At least to me it was not known (until very recently) that the IPv6
multicast code in net/ipv6/mcast.c bypasses the netfilter hooks - but it
does.

I don't have the time to work on this right now, just wanted to drop a
note to netdev that people are aware of this issue.

This basically means that you cannot do packet filtering with ip6tables
on outgoing MLD packets.

If anyone wants to write a patch before I get the time:  Feel free to do
so.

Dave: I think this would be post 2.6.0 stuff, wouldn't it?

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: pgpH3FCJf7rVF.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [IRDA] Remove uses of isa_virt_to_bus, Herbert Xu
Next by Date:  Re: [ANNOUNCE] Porting MPLS-Linux to 2.6 (2.6.0-test9-bk22) comments welcome., Harald Welte
Previous by Thread:  [IRDA] Remove uses of isa_virt_to_bus, Herbert Xu
Next by Thread:  Re: IPv6 multicast (MLD,IGMP) code bypasses netfilter hooks, David S. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]