Home Explore Help
Register Sign In
wareck
/
openwrt_lede
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 488fc98adf
Branches Tags
openwrt_lede
/
package
/
network
/
services
/
igmpproxy
/
patches
/
004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch

004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001
    2. 

  2. From: Stefan Becker <stefan.becker@nokia.com>
    3. 

  3. Date: Fri, 11 Dec 2009 21:08:57 +0200
    4. 

  4. Subject: [PATCH] Restrict igmp reports forwarding to upstream interface
    5. 

  5. 

  6. Utilize the new "whitelist" keyword also on the upstream interface definition.
    7. 

  7. If specified then only whitelisted multicast groups will be forwarded upstream.
    8. 

  8. 

  9. This can be used to avoid publishing private multicast groups to the world,
    10. 

  10. e.g. SSDP from a UPnP server on the internal network.
    11. 

  11. ---
    12. 

  12.  doc/igmpproxy.conf.5.in |    5 +++++
    13. 

  13.  src/rttable.c           |   17 +++++++++++++++++
    14. 

  14.  2 files changed, 22 insertions(+), 0 deletions(-)
    15. 

  15. 

  16. diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in
    17. 

  17. index 56efa22..d916f05 100644
    18. 

  18. --- a/doc/igmpproxy.conf.5.in
    19. 

  19. +++ b/doc/igmpproxy.conf.5.in
    20. 

  20. @@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it
    21. 

  21.  possible, as this list is parsed for every membership report and therefore this increases igmp
    22. 

  22.  response times. Often used or large groups should be defined first, as parsing ends as soon as
    23. 

  23.  a group matches an entry.
    24. 

  24. +
    25. 

  25. +You may also specify whitelist entries for the upstream interface. Only igmp membership reports
    26. 

  26. +for explicitely whitelisted multicast groups will be sent out on the upstream interface. This
    27. 

  27. +is useful if you want to use multicast groups only between your downstream interfaces, like SSDP
    28. 

  28. +from a UPnP server.
    29. 

  29.  .RE
    30. 

  30.  
    31. 

  31.  .SH EXAMPLE
    32. 

  32. diff --git a/src/rttable.c b/src/rttable.c
    33. 

  33. index f0701a8..77dd791 100644
    34. 

  34. --- a/src/rttable.c
    35. 

  35. +++ b/src/rttable.c
    36. 

  36. @@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
    37. 

  37.          my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
    38. 

  38.      }
    39. 

  39.  
    40. 

  40. +    // Check if there is a white list for the upstram VIF
    41. 

  41. +    if (upstrIf->allowedgroups != NULL) {
    42. 

  42. +      uint32_t           group = route->group;
    43. 

  43. +        struct SubnetList* sn;
    44. 

  44. +
    45. 

  45. +        // Check if this Request is legit to be forwarded to upstream
    46. 

  46. +        for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next)
    47. 

  47. +            if((group & sn->subnet_mask) == sn->subnet_addr)
    48. 

  48. +                // Forward is OK...
    49. 

  49. +                break;
    50. 

  50. +
    51. 

  51. +        if (sn == NULL) {
    52. 

  52. +	    my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1));
    53. 

  53. +            return;
    54. 

  54. +        }
    55. 

  55. +    }
    56. 

  56. +
    57. 

  57.      // Send join or leave request...
    58. 

  58.      if(join) {
    59. 

  59.  
    60. 

  60. -- 
    61. 

  61. 1.7.2.5
    62. 

  62.