bridge: prevent flooding IPv6 packets that do not have a listener

[deliverable/linux.git] / net / bridge / br_multicast.c

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 61c5e819380e52d6347cde7186251467e921c1a0..5388955b2a3c4aec3423b463b630997cc4f06762 100644 (file)
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -1195,7 +1195,7 @@ static int br_ip6_multicast_query(struct net_bridge *br,
                max_delay = msecs_to_jiffies(ntohs(mld->mld_maxdelay));
                if (max_delay)
                        group = &mld->mld_mca;
-       } else if (skb->len >= sizeof(*mld2q)) {
+       } else {
                if (!pskb_may_pull(skb, sizeof(*mld2q))) {
                        err = -EINVAL;
                        goto out;
@@ -1203,7 +1203,8 @@ static int br_ip6_multicast_query(struct net_bridge *br,
                mld2q = (struct mld2_query *)icmp6_hdr(skb);
                if (!mld2q->mld2q_nsrcs)
                        group = &mld2q->mld2q_mca;
-               max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(ntohs(mld2q->mld2q_mrc)) : 1;
+
+               max_delay = max(msecs_to_jiffies(mldv2_mrc(mld2q)), 1UL);
        }
 
        br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr),
@@ -1490,8 +1491,14 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
         *  - MLD has always Router Alert hop-by-hop option
         *  - But we do not support jumbrograms.
         */
-       if (ip6h->version != 6 ||
-           ip6h->nexthdr != IPPROTO_HOPOPTS ||
+       if (ip6h->version != 6)
+               return 0;
+
+       /* Prevent flooding this packet if there is no listener present */
+       if (ipv6_is_transient_multicast(&ip6h->daddr))
+               BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
+
+       if (ip6h->nexthdr != IPPROTO_HOPOPTS ||
            ip6h->payload_len == 0)
                return 0;