--- /dev/null
+From 5a2de63fd1a59c30c02526d427bc014b98adf508 Mon Sep 17 00:00:00 2001
+From: Hangbin Liu <liuhangbin@gmail.com>
+Date: Fri, 26 Oct 2018 10:28:43 +0800
+Subject: bridge: do not add port to router list when receives query with source 0.0.0.0
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+commit 5a2de63fd1a59c30c02526d427bc014b98adf508 upstream.
+
+Based on RFC 4541, 2.1.1. IGMP Forwarding Rules
+
+ The switch supporting IGMP snooping must maintain a list of
+ multicast routers and the ports on which they are attached. This
+ list can be constructed in any combination of the following ways:
+
+ a) This list should be built by the snooping switch sending
+ Multicast Router Solicitation messages as described in IGMP
+ Multicast Router Discovery [MRDISC]. It may also snoop
+ Multicast Router Advertisement messages sent by and to other
+ nodes.
+
+ b) The arrival port for IGMP Queries (sent by multicast routers)
+ where the source address is not 0.0.0.0.
+
+We should not add the port to router list when receives query with source
+0.0.0.0.
+
+Reported-by: Ying Xu <yinxu@redhat.com>
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bridge/br_multicast.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -1261,7 +1261,15 @@ static void br_multicast_query_received(
+ return;
+
+ br_multicast_update_query_timer(br, query, max_delay);
+- br_multicast_mark_router(br, port);
++
++ /* Based on RFC4541, section 2.1.1 IGMP Forwarding Rules,
++ * the arrival port for IGMP Queries where the source address
++ * is 0.0.0.0 should not be added to router port list.
++ */
++ if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) ||
++ (saddr->proto == htons(ETH_P_IPV6) &&
++ !ipv6_addr_any(&saddr->u.ip6)))
++ br_multicast_mark_router(br, port);
+ }
+
+ static int br_ip4_multicast_query(struct net_bridge *br,
--- /dev/null
+From 0fe5119e267f3e3d8ac206895f5922195ec55a8a Mon Sep 17 00:00:00 2001
+From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Date: Sat, 27 Oct 2018 12:07:47 +0300
+Subject: net: bridge: remove ipv6 zero address check in mcast queries
+
+From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+
+commit 0fe5119e267f3e3d8ac206895f5922195ec55a8a upstream.
+
+Recently a check was added which prevents marking of routers with zero
+source address, but for IPv6 that cannot happen as the relevant RFCs
+actually forbid such packets:
+RFC 2710 (MLDv1):
+"To be valid, the Query message MUST
+ come from a link-local IPv6 Source Address, be at least 24 octets
+ long, and have a correct MLD checksum."
+
+Same goes for RFC 3810.
+
+And also it can be seen as a requirement in ipv6_mc_check_mld_query()
+which is used by the bridge to validate the message before processing
+it. Thus any queries with :: source address won't be processed anyway.
+So just remove the check for zero IPv6 source address from the query
+processing function.
+
+Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0")
+Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Hangbin Liu <liuhangbin@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bridge/br_multicast.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/net/bridge/br_multicast.c
++++ b/net/bridge/br_multicast.c
+@@ -1267,8 +1267,7 @@ static void br_multicast_query_received(
+ * is 0.0.0.0 should not be added to router port list.
+ */
+ if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) ||
+- (saddr->proto == htons(ETH_P_IPV6) &&
+- !ipv6_addr_any(&saddr->u.ip6)))
++ saddr->proto == htons(ETH_P_IPV6))
+ br_multicast_mark_router(br, port);
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
