Commit | Line | Data |
---|---|---|
4bc434b8 JL |
1 | From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001 |
2 | From: Stefan Becker <stefan.becker@nokia.com> | |
3 | Date: Fri, 11 Dec 2009 21:08:57 +0200 | |
4 | Subject: [PATCH] Restrict igmp reports forwarding to upstream interface | |
5 | ||
6 | Utilize the new "whitelist" keyword also on the upstream interface definition. | |
7 | If specified then only whitelisted multicast groups will be forwarded upstream. | |
8 | ||
9 | This can be used to avoid publishing private multicast groups to the world, | |
10 | e.g. SSDP from a UPnP server on the internal network. | |
11 | --- | |
12 | doc/igmpproxy.conf.5.in | 5 +++++ | |
13 | src/rttable.c | 17 +++++++++++++++++ | |
14 | 2 files changed, 22 insertions(+), 0 deletions(-) | |
15 | ||
16 | diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in | |
17 | index 56efa22..d916f05 100644 | |
18 | --- a/doc/igmpproxy.conf.5.in | |
19 | +++ b/doc/igmpproxy.conf.5.in | |
20 | @@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it | |
21 | possible, as this list is parsed for every membership report and therefore this increases igmp | |
22 | response times. Often used or large groups should be defined first, as parsing ends as soon as | |
23 | a group matches an entry. | |
24 | + | |
25 | +You may also specify whitelist entries for the upstream interface. Only igmp membership reports | |
26 | +for explicitely whitelisted multicast groups will be sent out on the upstream interface. This | |
27 | +is useful if you want to use multicast groups only between your downstream interfaces, like SSDP | |
28 | +from a UPnP server. | |
29 | .RE | |
30 | ||
31 | .SH EXAMPLE | |
32 | diff --git a/src/rttable.c b/src/rttable.c | |
33 | index f0701a8..77dd791 100644 | |
34 | --- a/src/rttable.c | |
35 | +++ b/src/rttable.c | |
36 | @@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) { | |
37 | my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF."); | |
38 | } | |
39 | ||
40 | + // Check if there is a white list for the upstram VIF | |
41 | + if (upstrIf->allowedgroups != NULL) { | |
42 | + uint32_t group = route->group; | |
43 | + struct SubnetList* sn; | |
44 | + | |
45 | + // Check if this Request is legit to be forwarded to upstream | |
46 | + for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next) | |
47 | + if((group & sn->subnet_mask) == sn->subnet_addr) | |
48 | + // Forward is OK... | |
49 | + break; | |
50 | + | |
51 | + if (sn == NULL) { | |
52 | + my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1)); | |
53 | + return; | |
54 | + } | |
55 | + } | |
56 | + | |
57 | // Send join or leave request... | |
58 | if(join) { | |
59 | ||
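Review bot: The new check `if (upstrIf->allowedgroups != NULL)` makes the upstream filter opt-in, so an upstream interface with no whitelist still forwards every group, and the code does not say so; the same holds if the config parser drops bad entries and leaves the list empty, which is not visible here. I would state this above the block, e.g. `// No whitelist on the upstream VIF means no filtering: every group is forwarded.`, and note that the early `return` sits before `if(join)` and therefore suppresses leaves as well as joins. The match `(group & sn->subnet_mask) == sn->subnet_addr` only succeeds when `subnet_addr` is stored already masked and in the same byte order as `route->group`; both are set outside this hunk and are worth confirming. The unbraced `for`/`if` with a comment between the `if` and its `break` is easy to break in a later edit, so braces as in `for (...) { if (...) break; }` would be safer. sendJoinLeaveUpstream starts and ends outside the hunk.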
60 | -- | |
61 | 1.7.2.5 | |
62 |