ipv4: correct IGMP behavior on v3 query during v2-compatibility mode
authorDavid Stevens <dlstevens@us.ibm.com>
Thu, 30 Sep 2010 14:29:40 +0000 (14:29 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 4 Oct 2010 04:58:47 +0000 (21:58 -0700)
A recent patch to allow IGMPv2 responses to IGMPv3 queries
bypasses length checks for valid query lengths, incorrectly
resets the v2_seen timer, and does not support IGMPv1.

The following patch responds with a v2 report as required
by IGMPv2 while correcting the other problems introduced
by the patch.

Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/igmp.c

index 1fdcacd36ce75aa5eb12d69c3c6239237258882b..2a4bb76f2132957da25326ce98653b249d9ccaaf 100644 (file)
@@ -834,7 +834,7 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
        int                     mark = 0;
 
 
-       if (len == 8 || IGMP_V2_SEEN(in_dev)) {
+       if (len == 8) {
                if (ih->code == 0) {
                        /* Alas, old v1 router presents here. */
 
@@ -856,6 +856,18 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
                igmpv3_clear_delrec(in_dev);
        } else if (len < 12) {
                return; /* ignore bogus packet; freed by caller */
+       } else if (IGMP_V1_SEEN(in_dev)) {
+               /* This is a v3 query with v1 queriers present */
+               max_delay = IGMP_Query_Response_Interval;
+               group = 0;
+       } else if (IGMP_V2_SEEN(in_dev)) {
+               /* this is a v3 query with v2 queriers present;
+                * Interpretation of the max_delay code is problematic here.
+                * A real v2 host would use ih_code directly, while v3 has a
+                * different encoding. We use the v3 encoding as more likely
+                * to be intended in a v3 query.
+                */
+               max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
        } else { /* v3 */
                if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
                        return;