git: DragonFly_RELEASE_3_4 ip/udp: Fix IP source address setting for multicast address bound socket
Sepherosa Ziehau
sephe at crater.dragonflybsd.org
Mon Apr 8 20:24:54 PDT 2013
commit 49452c993aaa48db33a11357cc5df6b73d0ff394
Author: Sepherosa Ziehau <sephe at dragonflybsd.org>
Date: Tue Apr 9 11:06:39 2013 +0800
ip/udp: Fix IP source address setting for multicast address bound socket
It is a common practice to bind UDP socket to multicast address to enjoy
kernel level destination multicast address and port filtering. However,
if data are sent on this kind of socket, source address of the IP packet
will be the bound multicast address?!
Two fixes are added to address this bug:
1) Don't set IP source address in udp_output(), if the inpcb's laddr is
multicast address. Instead the IP source address is set to INADDR_ANY,
so ip_output() could pick up a proper IP source address.
2) With 1) in place, it is possible that IP source address is INADDR_ANY
before the ifnet.if_output() using following steps:
- If the IP_MULTICAST_IF socket option is set to iface0
- The iface0's last IP address is unset, before the ip_output()
This condition could easily be reproduced by using test/mcast:
mcast -m 224.2.2.2 -p 3000 -i iface0_ip -D 10
During the 10sec delay, wipe out all IP addresses from iface0
Well, even without 1), raw IP still could generate IP packet using
INADDR_ANY as source address.
Two checks on the source IP address are added to ip_output() before
ifnet.if_output()
- IP source address should not be INADDR_ANY
- IP source address should not be multicast address
And for multicast IP packets, if the IP source address could be
determined, they will not be looped back and forwarded.
Reported-by: zeroxia
Summary of changes:
sys/netinet/ip_output.c | 86 +++++++++++++++++++++++++++---------------------
sys/netinet/udp_usrreq.c | 5 ++-
2 files changed, 53 insertions(+), 38 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/49452c993aaa48db33a11357cc5df6b73d0ff394
--
DragonFly BSD source repository
More information about the Commits
mailing list