Re: [PATCH] bridge: mcast snooping, fix IPv6 MLD checksum calculation
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2011-03-27 06:38:01
Also in:
bridge
On Sun, Mar 27, 2011 at 08:27:23AM +0200, Linus Lüssing wrote:
quoted hunk ↗ jump to hunk
In contrast to IGMP, the MLDv1/2 message checksum needs to include an IPv6 "pseudo-header" in the calculations (see RFC2710, section 3.3; RFC3810, section 5.1.2). The multicast snooping feature of the bridge code however did not take this "pseudo-header" into consideration for the checksum validation when parsing a snooped IPv6 MLDv1/2 message of another host, leading to possibly ignored, though valid MLDv1/2 messages. This commit shall fix this issue. Signed-off-by: Linus Lüssing <redacted> --- net/bridge/br_multicast.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-)diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index f61eb2e..47fae4f 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c@@ -1525,7 +1525,10 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, break; /*FALLTHROUGH*/ case CHECKSUM_NONE: - skb2->csum = 0; + skb2->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr, + &ip6h->daddr, + skb2->len, + nexthdr, 0));
You also need to include the pseudo-header for the CHECKSUM_COMPLETE case, before we've fallen through (which only happens if the hardware checksum doesn't match). Thanks, -- Email: Herbert Xu [off-list ref] Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt