Message-ID: <1409138967.2505.11.camel@jlt4.sipsolutions.net>
Subject: Re: [RFC] net: ipv4: drop unicast encapsulated in L2 multicast
From: Johannes Berg
To: Julian Anastasov
Cc: David Miller, linux-wireless@vger.kernel.org, netdev@vger.kernel.org
Date: Wed, 27 Aug 2014 13:29:27 +0200
References: <1408641747-22199-1-git-send-email-johannes@sipsolutions.net> <20140822.105405.1982870131653082781.davem@davemloft.net> <1409130792.2505.5.camel@jlt4.sipsolutions.net>

On Wed, 2014-08-27 at 13:23 +0300, Julian Anastasov wrote:

> CLUSTERIP works in LOCAL_IN. My preference is to
> add checks in every protocol where it is missing but if
> you prefer a global check, ip_local_deliver_finish() is
> a good place: CLUSTERIP already changed pkt_type to
> PACKET_HOST. For example:
>
> 	if (!(skb_rtable(skb)->rt_flags &
> 	      (RTCF_BROADCAST | RTCF_MULTICAST)) &&
> 	    (skb->pkt_type == PACKET_BROADCAST ||
> 	     skb->pkt_type == PACKET_MULTICAST)) {
> 		kfree_skb(skb);
> 		return;
> 	}
>
> By this way we protect the local stack globally.

I suppose that'd work then?

> BTW, what kind of packets (protocol) we want to drop? UDP?

All IP protocols, this comes either from the IPv4 RFC (1122) or from the
wireless issue which affects all protocols.

> As for ip_forward(), there is already check for
> PACKET_HOST.
>
> Not sure, may be a MIB counter for such drops
> would be useful.

Yeah, maybe, not sure.

johannes
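
The mismatch discussed in this thread, as an added userspace example that is not code from the thread or from the kernel: it parses a raw Ethernet + IPv4 header and flags frames whose destination MAC is multicast or broadcast while the IPv4 destination is unicast. The kernel check quoted above uses `skb->pkt_type` and route flags instead; the verdict names, the helper `verdict_for()`, the MAC addresses and the 192.168.1.0/24 subnet here are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdict names belong to this example, not to the kernel. */
enum verdict { ACCEPT, DROP_L2_MISMATCH, NOT_IPV4 };

/* Constructed sample addresses. */
static const uint8_t UCAST_MAC[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
static const uint8_t MCAST_MAC[6] = {0x01, 0x00, 0x5e, 0x00, 0x00, 0x01};
static const uint8_t BCAST_MAC[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
#define NET  0xc0a80100u  /* 192.168.1.0, assumed local subnet */
#define MASK 0xffffff00u  /* /24 */

/* IPv4 multicast, limited broadcast, or directed broadcast of NET/MASK. */
static int l3_is_group(uint32_t dst)
{
    if ((dst & 0xf0000000u) == 0xe0000000u || dst == 0xffffffffu)
        return 1;
    return (dst & MASK) == NET && (dst | MASK) == 0xffffffffu;
}

enum verdict classify_frame(const uint8_t *f, size_t len)
{
    /* Need a full Ethernet header, EtherType 0x0800 and IP version 4. */
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00 || (f[14] >> 4) != 4)
        return NOT_IPV4;
    uint32_t dst = ((uint32_t)f[30] << 24) | ((uint32_t)f[31] << 16) |
                   ((uint32_t)f[32] << 8) | (uint32_t)f[33];
    /* Group (I/G) bit set in the destination MAC: L2 multicast or broadcast. */
    if ((f[0] & 0x01) && !l3_is_group(dst))
        return DROP_L2_MISMATCH;
    return ACCEPT;
}

/* Build a minimal Ethernet + IPv4 header (constructed input) and classify it. */
enum verdict verdict_for(const uint8_t dmac[6], uint32_t dst)
{
    uint8_t f[34] = {0};
    memcpy(f, dmac, 6);
    f[12] = 0x08; f[13] = 0x00; f[14] = 0x45;
    f[30] = dst >> 24; f[31] = dst >> 16; f[32] = dst >> 8; f[33] = dst;
    return classify_frame(f, sizeof f);
}

int main(void)
{
    printf("%d %d %d\n", verdict_for(BCAST_MAC, 0xc0a80105u),
           verdict_for(UCAST_MAC, 0xc0a80105u), verdict_for(MCAST_MAC, 0xe0000001u));
    return 0;
}
```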