X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=src%2Fpatches%2Figmpproxy-004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch;fp=src%2Fpatches%2Figmpproxy-004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch;h=0000000000000000000000000000000000000000;hp=a4caed72d2c0f177551f5e4e717efffd47940168;hb=9d959ac151e10c8bf82ceec516da32e986481fd1;hpb=8c072c5c43a98c58017c5f3442d9e22920dba1a0 diff --git a/src/patches/igmpproxy-004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch b/src/patches/igmpproxy-004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch deleted file mode 100644 index a4caed72d2..0000000000 --- a/src/patches/igmpproxy-004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch +++ /dev/null @@ -1,62 +0,0 @@ -From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001 -From: Stefan Becker -Date: Fri, 11 Dec 2009 21:08:57 +0200 -Subject: [PATCH] Restrict igmp reports forwarding to upstream interface - -Utilize the new "whitelist" keyword also on the upstream interface definition. -If specified then only whitelisted multicast groups will be forwarded upstream. - -This can be used to avoid publishing private multicast groups to the world, -e.g. SSDP from a UPnP server on the internal network. ---- - doc/igmpproxy.conf.5.in | 5 +++++ - src/rttable.c | 17 +++++++++++++++++ - 2 files changed, 22 insertions(+), 0 deletions(-) - -diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in -index 56efa22..d916f05 100644 ---- a/doc/igmpproxy.conf.5.in -+++ b/doc/igmpproxy.conf.5.in -@@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it - possible, as this list is parsed for every membership report and therefore this increases igmp - response times. Often used or large groups should be defined first, as parsing ends as soon as - a group matches an entry. -+ -+You may also specify whitelist entries for the upstream interface. Only igmp membership reports -+for explicitely whitelisted multicast groups will be sent out on the upstream interface. This -+is useful if you want to use multicast groups only between your downstream interfaces, like SSDP -+from a UPnP server. - .RE - - .SH EXAMPLE -diff --git a/src/rttable.c b/src/rttable.c -index f0701a8..77dd791 100644 ---- a/src/rttable.c -+++ b/src/rttable.c -@@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) { - my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF."); - } - -+ // Check if there is a white list for the upstram VIF -+ if (upstrIf->allowedgroups != NULL) { -+ uint32_t group = route->group; -+ struct SubnetList* sn; -+ -+ // Check if this Request is legit to be forwarded to upstream -+ for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next) -+ if((group & sn->subnet_mask) == sn->subnet_addr) -+ // Forward is OK... -+ break; -+ -+ if (sn == NULL) { -+ my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1)); -+ return; -+ } -+ } -+ - // Send join or leave request... - if(join) { - --- -1.7.2.5 -