net: bridge: mcast: when forwarding handle filter mode and blocked flag

We need to avoid forwarding to ports in MCAST_INCLUDE filter mode when the
mdst entry is a *,G or when the port has the blocked flag.

Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 4d12999e4576a5b49dd40ece11d60ef2992e1c2b..e28ffadd1371933e83c84a4bfcaf7784de48c44e 100644 (file)
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -274,10 +274,19 @@ void br_multicast_flood(struct net_bridge_mdb_entry *mdst,
        struct net_bridge *br = netdev_priv(dev);
        struct net_bridge_port *prev = NULL;
        struct net_bridge_port_group *p;
+       bool allow_mode_include = true;
        struct hlist_node *rp;
 
        rp = rcu_dereference(hlist_first_rcu(&br->router_list));
-       p = mdst ? rcu_dereference(mdst->ports) : NULL;
+       if (mdst) {
+               p = rcu_dereference(mdst->ports);
+               if (br_multicast_should_handle_mode(br, mdst->addr.proto) &&
+                   br_multicast_is_star_g(&mdst->addr))
+                       allow_mode_include = false;
+       } else {
+               p = NULL;
+       }
+
        while (p || rp) {
                struct net_bridge_port *port, *lport, *rport;
 
@@ -292,6 +301,10 @@ void br_multicast_flood(struct net_bridge_mdb_entry *mdst,
                                                   local_orig);
                                goto delivered;
                        }
+                       if ((!allow_mode_include &&
+                            p->filter_mode == MCAST_INCLUDE) ||
+                           (p->flags & MDB_PG_FLAGS_BLOCKED))
+                               goto delivered;
                } else {
                        port = rport;
                }