netdev
[Top] [All Lists]

Re: IPv6 multicast (MLD,IGMP) code bypasses netfilter hooks

To: Harald Welte <laforge@xxxxxxxxxxxxx>, davem@xxxxxxxxxx
Subject: Re: IPv6 multicast (MLD,IGMP) code bypasses netfilter hooks
From: David Stevens <dlstevens@xxxxxxxxxx>
Date: Sun, 23 Nov 2003 04:13:39 -0700
Cc: netdev@xxxxxxxxxxx, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
Importance: Normal
Sender: netdev-bounce@xxxxxxxxxxx
Sensitivity:



Here's a patch to add netfilter hooks for MLD v1 & v2. Can you take
quick look at it, Harald?

                        +-DLS

--- linux-2.6.0-test9-bk25/net/ipv6/mcast.c     2003-11-21 19:33:41.000000000 
-0800
+++ linux-2.6.0-test9-bk25F1/net/ipv6/mcast.c   2003-11-23 01:32:39.000000000 
-0800
@@ -46,6 +46,9 @@
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>

+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6.h>
+
 #include <net/sock.h>
 #include <net/snmp.h>

@@ -1265,6 +1268,7 @@
      struct mld2_report *pmr = (struct mld2_report *)skb->h.raw;
      int payload_len, mldlen;
      struct inet6_dev *idev = in6_dev_get(skb->dev);
+     int err;

      payload_len = skb->tail - (unsigned char *)skb->nh.ipv6h -
            sizeof(struct ipv6hdr);
@@ -1273,8 +1277,10 @@

      pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen,
            IPPROTO_ICMPV6, csum_partial(skb->h.raw, mldlen, 0));
-     dev_queue_xmit(skb);
-     ICMP6_INC_STATS(idev,Icmp6OutMsgs);
+     err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+           dev_queue_xmit);
+     if (!err)
+           ICMP6_INC_STATS(idev,Icmp6OutMsgs);
      if (likely(idev != NULL))
            in6_dev_put(idev);
 }
@@ -1603,12 +1609,15 @@

      idev = in6_dev_get(skb->dev);

-     dev_queue_xmit(skb);
-     if (type == ICMPV6_MGM_REDUCTION)
-           ICMP6_INC_STATS(idev, Icmp6OutGroupMembReductions);
-     else
-           ICMP6_INC_STATS(idev, Icmp6OutGroupMembResponses);
-     ICMP6_INC_STATS(idev, Icmp6OutMsgs);
+     err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+           dev_queue_xmit);
+     if (!err) {
+           if (type == ICMPV6_MGM_REDUCTION)
+                 ICMP6_INC_STATS(idev, Icmp6OutGroupMembReductions);
+           else
+                 ICMP6_INC_STATS(idev, Icmp6OutGroupMembResponses);
+           ICMP6_INC_STATS(idev, Icmp6OutMsgs);
+     }

      if (likely(idev != NULL))
            in6_dev_put(idev);

(See attached file: MLDNF.patch)

Attachment: MLDNF.patch
Description: Binary data

<Prev in Thread] Current Thread [Next in Thread>