WSL2-Linux-Kernel/net/bridge
Linus Lüssing 9901408815 net: bridge: mcast: fix broken length + header check for MRDv6 Adv.
The IPv6 Multicast Router Advertisements parsing has the following two
issues:

For one thing, ICMPv6 MRD Advertisements are smaller than ICMPv6 MLD
messages (ICMPv6 MRD Adv.: 8 bytes vs. ICMPv6 MLDv1/2: >= 24 bytes,
assuming MLDv2 Reports with at least one multicast address entry).
When ipv6_mc_check_mld_msg() tries to parse an Multicast Router
Advertisement its MLD length check will fail - and it will wrongly
return -EINVAL, even if we have a valid MRD Advertisement. With the
returned -EINVAL the bridge code will assume a broken packet and will
wrongly discard it, potentially leading to multicast packet loss towards
multicast routers.

The second issue is the MRD header parsing in
br_ip6_multicast_mrd_rcv(): It wrongly checks for an ICMPv6 header
immediately after the IPv6 header (IPv6 next header type). However
according to RFC4286, section 2 all MRD messages contain a Router Alert
option (just like MLD). So instead there is an IPv6 Hop-by-Hop option
for the Router Alert between the IPv6 and ICMPv6 header, again leading
to the bridge wrongly discarding Multicast Router Advertisements.

To fix these two issues, introduce a new return value -ENODATA to
ipv6_mc_check_mld() to indicate a valid ICMPv6 packet with a hop-by-hop
option which is not an MLD but potentially an MRD packet. This also
simplifies further parsing in the bridge code, as ipv6_mc_check_mld()
already fully checks the ICMPv6 header and hop-by-hop option.

These issues were found and fixed with the help of the mrdisc tool
(https://github.com/troglobit/mrdisc).

Fixes: 4b3087c7e3 ("bridge: Snoop Multicast Router Advertisements")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-27 14:02:06 -07:00
..
netfilter netfilter: allow to turn off xtables compat layer 2021-04-26 18:16:56 +02:00
Kconfig bridge: cfm: Add BRIDGE_CFM to Kconfig. 2020-10-29 18:39:43 -07:00
Makefile net: bridge: multicast: add EHT host handling functions 2021-01-22 19:39:56 -08:00
br.c net: bridge: fix misspellings using codespell tool 2021-01-09 13:54:47 -08:00
br_arp_nd_proxy.c net: bridge: when suppression is enabled exclude RARP packets 2021-03-22 13:30:24 -07:00
br_cfm.c bridge: cfm: Netlink Notifications. 2020-10-29 18:39:44 -07:00
br_cfm_netlink.c bridge: cfm: Netlink Notifications. 2020-10-29 18:39:44 -07:00
br_device.c netfilter: flowtable: bridge vlan hardware offload and switchdev 2021-03-24 12:48:39 -07:00
br_fdb.c net: bridge: add helper to replay port and local fdb entries 2021-03-23 14:49:05 -07:00
br_forward.c net: bridge: check vlan with eth_type_vlan() method 2021-01-18 14:27:33 -08:00
br_if.c bridge: cfm: Kernel space implementation of CFM. MEP create/delete. 2020-10-29 18:39:43 -07:00
br_input.c net: bridge: Fix fall-through warnings for Clang 2021-03-10 12:45:15 -08:00
br_ioctl.c net: bridge: delete duplicated words 2020-09-18 14:12:43 -07:00
br_mdb.c net: bridge: add helper to replay port and host-joined mdb entries 2021-03-23 14:49:05 -07:00
br_mrp.c bridge: mrp: Disable roles before deleting the MRP instance 2021-03-24 12:14:08 -07:00
br_mrp_netlink.c bridge: mrp: Use hlist_head instead of list_head for mrp 2020-11-09 16:42:12 -08:00
br_mrp_switchdev.c bridge: mrp: Extend br_mrp_switchdev to detect better the errors 2021-02-16 14:47:46 -08:00
br_multicast.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-04-27 14:02:06 -07:00
br_multicast_eht.c net: bridge: mcast: factor out common allow/block EHT handling 2021-03-16 11:57:57 -07:00
br_netfilter_hooks.c netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal 2020-11-28 11:46:51 -08:00
br_netfilter_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2019-06-25 01:32:59 +02:00
br_netlink.c net: bridge: propagate error code and extack from br_mc_disabled_update 2021-04-14 14:32:05 -07:00
br_netlink_tunnel.c net: bridge: notify on vlan tunnel changes done via the old api 2020-07-12 15:18:24 -07:00
br_nf_core.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2019-12-24 22:28:54 -08:00
br_private.h net: bridge: propagate error code and extack from br_mc_disabled_update 2021-04-14 14:32:05 -07:00
br_private_cfm.h bridge: cfm: Kernel space implementation of CFM. CCM frame RX added. 2020-10-29 18:39:43 -07:00
br_private_mcast_eht.h net: bridge: multicast: make tracked EHT hosts limit configurable 2021-01-27 17:40:35 -08:00
br_private_mrp.h bridge: mrp: Extend br_mrp_switchdev to detect better the errors 2021-02-16 14:47:46 -08:00
br_private_stp.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
br_private_tunnel.h net: bridge: vlan options: add support for tunnel mapping set/del 2020-03-17 22:47:12 -07:00
br_stp.c net: bridge: add helper to retrieve the current ageing time 2021-03-23 14:49:05 -07:00
br_stp_bpdu.c net: bridge: add STP xstats 2019-12-14 20:02:36 -08:00
br_stp_if.c net: remove newlines in NL_SET_ERR_MSG_MOD 2020-05-07 17:56:14 -07:00
br_stp_timer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
br_switchdev.c net: bridge: switchdev: include local flag in FDB notifications 2021-04-16 15:15:45 -07:00
br_sysfs_br.c net: bridge: propagate error code and extack from br_mc_disabled_update 2021-04-14 14:32:05 -07:00
br_sysfs_if.c net: bridge: don't print in br_switchdev_set_port_flag 2021-02-12 17:08:04 -08:00
br_vlan.c netfilter: flowtable: bridge vlan hardware offload and switchdev 2021-03-24 12:48:39 -07:00
br_vlan_options.c net: bridge: vlan options: move the tunnel command to the nested attribute 2020-03-20 08:52:20 -07:00
br_vlan_tunnel.c net: bridge: declare br_vlan_tunnel_lookup argument tunnel_id as __be64 2021-03-22 13:11:59 -07:00