Date: Thu, 10 Sep 2009 05:58:32 GMT From: Stef Walter <stef@memberwebs.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/138690: Multicast: uninited memory used in filter at IP_DROP_MEMBERSHIP + IP_ADD_MEMBERSHIP Message-ID: <200909100558.n8A5wWDc068798@www.freebsd.org> Resent-Message-ID: <200909100600.n8A60Ahj058409@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138690
>Category: kern
>Synopsis: Multicast: uninited memory used in filter at IP_DROP_MEMBERSHIP + IP_ADD_MEMBERSHIP
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 10 06:00:09 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Stef Walter
>Release: 8.0-BETA4
>Organization:
>Environment:
FreeBSD northstar-gate.ws.local 8.0-BETA4 FreeBSD 8.0-BETA4 #8: Thu Sep 10 05:15:49 UTC 2009 op@northstar-gate.ws.local:/usr/src/sys/i386/compile/MESHNODE i386
>Description:
If a multicast caller does an IP_DROP_MEMBERSHIP followed by a
IP_ADD_MEMBERSHIP, often an uninitialized filter is used for the
in_mfilter passed to in_joingroup_locked() in netinet/in_mcast.c.
The IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP have simple in_mreq input,
and are not using SSM or any of the new IGMPv3 features.
>How-To-Repeat:
This results in the following behavior shown by ifmcstat. Before the
drop + add you can see the following groups for the northstar1
interface. Note that 224.0.0.5 (ie: OSPF-ALL.MCAST.NET) is subscribed
with an empty exclude filter as you would expect from simple ASM mode:
> > # ifmcstat -i northstar1
> > northstar1:
> > inet 172.28.1.66
> > igmpv3 flags=0<> rv 2 qi 125 qri 10 uri 3
> > group 224.0.0.5 mode exclude
> > group 224.0.0.1 mode exclude
After the drop + add, it looks like the following. Note that now
224.0.0.5 is subscribed with an empty *include* filter which results in
no packets received.
> > # ifmcstat -i northstar1
> > northstar1:
> > inet 172.28.1.66
> > igmpv3 flags=0<> rv 2 qi 125 qri 10 uri 3
> > group 224.0.0.1 mode exclude
> > group 224.0.0.5 mode include
>Fix:
Patch is attached which fixes the problem. Bruce Simpson has signed off on this patch via the freebsd-net mailing list.
Patch attached with submission follows:
--- sys/netinet/in_mcast.c.orig 2009-08-03 08:13:06.000000000 +0000
+++ sys/netinet/in_mcast.c 2009-09-09 15:01:24.000000000 +0000
@@ -2024,6 +2050,9 @@
error = ENOMEM;
goto out_imo_free;
}
+ } else if (is_new) {
+ /* Old style ASM filter mode is always exclude */
+ imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE);
}
/*
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909100558.n8A5wWDc068798>