bridge: Snoop Multicast Router Advertisements

When multiple multicast routers are present in a broadcast domain then
only one of them will be detectable via IGMP/MLD query snooping. The
multicast router with the lowest IP address will become the selected and
active querier while all other multicast routers will then refrain from
sending queries.

To detect such rather silent multicast routers, too, RFC4286
("Multicast Router Discovery") provides a standardized protocol to
detect multicast routers for multicast snooping switches.

This patch implements the necessary MRD Advertisement message parsing
and after successful processing adds such routers to the internal
multicast router list.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/linux/in.h b/include/linux/in.h
index 31b493734763df02cb16d4480787adf4bc927ed3..435e7f2a513ad56652001d548cbdbb044dd0bc70 100644 (file)
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -60,6 +60,11 @@ static inline bool ipv4_is_lbcast(__be32 addr)
        return addr == htonl(INADDR_BROADCAST);
 }
 
+static inline bool ipv4_is_all_snoopers(__be32 addr)
+{
+       return addr == htonl(INADDR_ALLSNOOPERS_GROUP);
+}
+
 static inline bool ipv4_is_zeronet(__be32 addr)
 {
        return (addr & htonl(0xff000000)) == htonl(0x00000000);

diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index daf11dcb0f70918837463e5144183281cdb0bd11..20d523ee2fec3d69819a4587cc044fcadc3c040c 100644 (file)
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -229,6 +229,7 @@ void ipv6_mc_unmap(struct inet6_dev *idev);
 void ipv6_mc_remap(struct inet6_dev *idev);
 void ipv6_mc_init_dev(struct inet6_dev *idev);
 void ipv6_mc_destroy_dev(struct inet6_dev *idev);
+int ipv6_mc_check_icmpv6(struct sk_buff *skb);
 int ipv6_mc_check_mld(struct sk_buff *skb);
 void addrconf_dad_failure(struct sk_buff *skb, struct inet6_ifaddr *ifp);
 
@@ -499,6 +500,20 @@ static inline bool ipv6_addr_is_solict_mult(const struct in6_addr *addr)
 #endif
 }
 
+static inline bool ipv6_addr_is_all_snoopers(const struct in6_addr *addr)
+{
+#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
+       __be64 *p = (__be64 *)addr;
+
+       return ((p[0] ^ cpu_to_be64(0xff02000000000000UL)) |
+               (p[1] ^ cpu_to_be64(0x6a))) == 0UL;
+#else
+       return ((addr->s6_addr32[0] ^ htonl(0xff020000)) |
+               addr->s6_addr32[1] | addr->s6_addr32[2] |
+               (addr->s6_addr32[3] ^ htonl(0x0000006a))) == 0;
+#endif
+}
+
 #ifdef CONFIG_PROC_FS
 int if6_proc_init(void);
 void if6_proc_exit(void);

diff --git a/include/uapi/linux/icmpv6.h b/include/uapi/linux/icmpv6.h
index caf8dc01925029f585fdb923927ab98a55c861ac..325395f56bfa61aaf733788bd43424e7462ddf2d 100644 (file)
--- a/include/uapi/linux/icmpv6.h
+++ b/include/uapi/linux/icmpv6.h
@@ -108,6 +108,8 @@ struct icmp6hdr {
 #define ICMPV6_MOBILE_PREFIX_SOL       146
 #define ICMPV6_MOBILE_PREFIX_ADV       147
 
+#define ICMPV6_MRDISC_ADV              151
+
 /*
  *     Codes for Destination Unreachable
  */

diff --git a/include/uapi/linux/igmp.h b/include/uapi/linux/igmp.h
index 7e44ac02ca18c198388f6b49041b5dcdb899a5f6..90c28bc466c63698e13aabc46e49fed407766b4d 100644 (file)
--- a/include/uapi/linux/igmp.h
+++ b/include/uapi/linux/igmp.h
@@ -93,6 +93,7 @@ struct igmpv3_query {
 #define IGMP_MTRACE_RESP               0x1e
 #define IGMP_MTRACE                    0x1f
 
+#define IGMP_MRDISC_ADV                        0x30    /* From RFC4286 */
 
 /*
  *     Use the BSD names for these for compatibility

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 2366f4a2780e414b428edda1d8b3442354bf1d96..2c46c7aca57108e3196c324ee8f5a46c38b59630 100644 (file)
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -14,6 +14,7 @@
 #include <linux/export.h>
 #include <linux/if_ether.h>
 #include <linux/igmp.h>
+#include <linux/in.h>
 #include <linux/jhash.h>
 #include <linux/kernel.h>
 #include <linux/log2.h>
@@ -29,10 +30,12 @@
 #include <net/ip.h>
 #include <net/switchdev.h>
 #if IS_ENABLED(CONFIG_IPV6)
+#include <linux/icmpv6.h>
 #include <net/ipv6.h>
 #include <net/mld.h>
 #include <net/ip6_checksum.h>
 #include <net/addrconf.h>
+#include <net/ipv6.h>
 #endif
 
 #include "br_private.h"
@@ -1583,6 +1586,19 @@ static void br_multicast_pim(struct net_bridge *br,
        br_multicast_mark_router(br, port);
 }
 
+static int br_ip4_multicast_mrd_rcv(struct net_bridge *br,
+                                   struct net_bridge_port *port,
+                                   struct sk_buff *skb)
+{
+       if (ip_hdr(skb)->protocol != IPPROTO_IGMP ||
+           igmp_hdr(skb)->type != IGMP_MRDISC_ADV)
+               return -ENOMSG;
+
+       br_multicast_mark_router(br, port);
+
+       return 0;
+}
+
 static int br_multicast_ipv4_rcv(struct net_bridge *br,
                                 struct net_bridge_port *port,
                                 struct sk_buff *skb,
@@ -1600,7 +1616,15 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
                } else if (pim_ipv4_all_pim_routers(ip_hdr(skb)->daddr)) {
                        if (ip_hdr(skb)->protocol == IPPROTO_PIM)
                                br_multicast_pim(br, port, skb);
+               } else if (ipv4_is_all_snoopers(ip_hdr(skb)->daddr)) {
+                       err = br_ip4_multicast_mrd_rcv(br, port, skb);
+
+                       if (err < 0 && err != -ENOMSG) {
+                               br_multicast_err_count(br, port, skb->protocol);
+                               return err;
+                       }
                }
+
                return 0;
        } else if (err < 0) {
                br_multicast_err_count(br, port, skb->protocol);
@@ -1635,6 +1659,27 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
 }
 
 #if IS_ENABLED(CONFIG_IPV6)
+static int br_ip6_multicast_mrd_rcv(struct net_bridge *br,
+                                   struct net_bridge_port *port,
+                                   struct sk_buff *skb)
+{
+       int ret;
+
+       if (ipv6_hdr(skb)->nexthdr != IPPROTO_ICMPV6)
+               return -ENOMSG;
+
+       ret = ipv6_mc_check_icmpv6(skb);
+       if (ret < 0)
+               return ret;
+
+       if (icmp6_hdr(skb)->icmp6_type != ICMPV6_MRDISC_ADV)
+               return -ENOMSG;
+
+       br_multicast_mark_router(br, port);
+
+       return 0;
+}
+
 static int br_multicast_ipv6_rcv(struct net_bridge *br,
                                 struct net_bridge_port *port,
                                 struct sk_buff *skb,
@@ -1649,6 +1694,16 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
        if (err == -ENOMSG) {
                if (!ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr))
                        BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
+
+               if (ipv6_addr_is_all_snoopers(&ipv6_hdr(skb)->daddr)) {
+                       err = br_ip6_multicast_mrd_rcv(br, port, skb);
+
+                       if (err < 0 && err != -ENOMSG) {
+                               br_multicast_err_count(br, port, skb->protocol);
+                               return err;
+                       }
+               }
+
                return 0;
        } else if (err < 0) {
                br_multicast_err_count(br, port, skb->protocol);

diff --git a/net/ipv6/mcast_snoop.c b/net/ipv6/mcast_snoop.c
index a72ddfc40eb37b6b5a48de941dd51ab031b2096d..55e2ac179f28a806357f65f16b8ba4d435b161af 100644 (file)
--- a/net/ipv6/mcast_snoop.c
+++ b/net/ipv6/mcast_snoop.c
@@ -41,6 +41,8 @@ static int ipv6_mc_check_ip6hdr(struct sk_buff *skb)
        if (skb->len < len || len <= offset)
                return -EINVAL;
 
+       skb_set_transport_header(skb, offset);
+
        return 0;
 }
 
@@ -142,7 +144,7 @@ static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb)
        return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
 }
 
-static int ipv6_mc_check_icmpv6(struct sk_buff *skb)
+int ipv6_mc_check_icmpv6(struct sk_buff *skb)
 {
        unsigned int len = skb_transport_offset(skb) + sizeof(struct icmp6hdr);
        unsigned int transport_len = ipv6_transport_len(skb);
@@ -161,6 +163,7 @@ static int ipv6_mc_check_icmpv6(struct sk_buff *skb)
 
        return 0;
 }
+EXPORT_SYMBOL(ipv6_mc_check_icmpv6);
 
 /**
  * ipv6_mc_check_mld - checks whether this is a sane MLD packet