004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch 2.4 KB

  1. From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001
  2. From: Stefan Becker <stefan.becker@nokia.com>
  3. Date: Fri, 11 Dec 2009 21:08:57 +0200
  4. Subject: [PATCH] Restrict igmp reports forwarding to upstream interface
  5. Utilize the new "whitelist" keyword also on the upstream interface definition.
  6. If specified then only whitelisted multicast groups will be forwarded upstream.
  7. This can be used to avoid publishing private multicast groups to the world,
  8. e.g. SSDP from a UPnP server on the internal network.
  9. ---
  10. doc/igmpproxy.conf.5.in | 5 +++++
  11. src/rttable.c | 17 +++++++++++++++++
  12. 2 files changed, 22 insertions(+), 0 deletions(-)
  13. diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in
  14. index 56efa22..d916f05 100644
  15. --- a/doc/igmpproxy.conf.5.in
  16. +++ b/doc/igmpproxy.conf.5.in
  17. @@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it
  18. possible, as this list is parsed for every membership report and therefore this increases igmp
  19. response times. Often used or large groups should be defined first, as parsing ends as soon as
  20. a group matches an entry.
  21. +
  22. +You may also specify whitelist entries for the upstream interface. Only igmp membership reports
  23. +for explicitely whitelisted multicast groups will be sent out on the upstream interface. This
  24. +is useful if you want to use multicast groups only between your downstream interfaces, like SSDP
  25. +from a UPnP server.
  26. .RE
  27. .SH EXAMPLE
  28. diff --git a/src/rttable.c b/src/rttable.c
  29. index f0701a8..77dd791 100644
  30. --- a/src/rttable.c
  31. +++ b/src/rttable.c
  32. @@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
  33. my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
  34. }
  35. + // Check if there is a white list for the upstram VIF
  36. + if (upstrIf->allowedgroups != NULL) {
  37. + uint32_t group = route->group;
  38. + struct SubnetList* sn;
  39. +
  40. + // Check if this Request is legit to be forwarded to upstream
  41. + for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next)
  42. + if((group & sn->subnet_mask) == sn->subnet_addr)
  43. + // Forward is OK...
  44. + break;
  45. +
  46. + if (sn == NULL) {
  47. + my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1));
  48. + return;
  49. + }
  50. + }
  51. +
  52. // Send join or leave request...
  53. if(join) {
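Review bot: The added block reads `upstrIf->allowedgroups` directly after the branch that logs "FATAL: Unable to get Upstream IF.", and nothing visible in the hunk stops execution there; unless `my_log(LOG_ERR, …)` terminates the process, this dereferences an interface pointer that was just reported as unavailable (presumably NULL). Either confirm that my_log exits and say so in a comment, or guard the filter with `if (upstrIf == NULL) return;` ahead of the whitelist check. The `for` and the inner `if` have no braces and a comment sits between the condition and `break`, which is easy to break on a later edit; bracing both keeps the match logic unambiguous. The filter is also opt-in: with no whitelist on the upstream interface every group is still reported upstream, which deserves a comment such as `// No upstream whitelist configured: all groups are forwarded`. sendJoinLeaveUpstream starts before and continues after this hunk.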
  54. --
  55. 1.7.2.5