Return-path: Received: from s3.sipsolutions.net ([5.9.151.49]:60296 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752419AbaICJlI (ORCPT ); Wed, 3 Sep 2014 05:41:08 -0400 Message-ID: <1409737255.1932.5.camel@jlt4.sipsolutions.net> (sfid-20140903_114119_326300_1A0184DC) Subject: Re: [RFC] net: ipv4: drop unicast encapsulated in L2 multicast From: Johannes Berg To: Stephen Hemminger Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org Date: Wed, 03 Sep 2014 11:40:55 +0200 In-Reply-To: <20140902141620.2da1f6aa@urahara> (sfid-20140902_231626_427316_AF0944A4) References: <1408641747-22199-1-git-send-email-johannes@sipsolutions.net> <20140902141620.2da1f6aa@urahara> (sfid-20140902_231626_427316_AF0944A4) Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org List-ID: On Tue, 2014-09-02 at 14:16 -0700, Stephen Hemminger wrote: > On Thu, 21 Aug 2014 19:22:27 +0200 > Johannes Berg wrote: > > > + /* RFC 1122 3.3.6: > > + * > > + * When a host sends a datagram to a link-layer broadcast address, > > + * the IP destination address MUST be a legal IP broadcast or IP > > + * multicast address. > > + * > > + * A host SHOULD silently discard a datagram that is received via > > + * a link-layer broadcast (see Section 2.4) but does not specify > > + * an IP multicast or broadcast destination address. > > + * > > + * We also do this for link-layer multicast. > > + */ > > + if ((skb->pkt_type == PACKET_BROADCAST || > > + skb->pkt_type == PACKET_MULTICAST) && > > + res.type != RTN_BROADCAST) > > + goto e_inval; > > + > > I think you need to all multicast packet but not broadcast. > The RFC does not specify that you should drop link-layer multicast to a unicast > address. There are several clustering products use that. Alright - I feared we'd not be able to do this. Based on a strict reading of the RFC, you're right. I'm not sure what thinking and rationale went into this sentence in the RFC, depending on that it would have made sense to me to also apply it for broadcast (which is really just a special form of multicast, in a sense, no?) In any case, for wireless we do need broadcast as well, for obvious reasons. Therefore, I think with all the discussion here and about IPv6 etc. we're getting to the point where we should think about disentangling RFC 1122 checks (which may very well be correct and needed in their own right) and the hole-196 mitigation for wireless. Our original attempt is documented here: http://patchwork.ozlabs.org/patch/293133/ and there seemed to be consensus back then that we should do it in the wireless stack. I can live with that, even if I don't very much like the idea of dissecting IP protocols there and having to do a route lookup etc. In any case, if that's what we want to do, I'll probably need some help on how to do the route lookups etc. Any takers? :) johannes