On 7/30/07, David Miller <[EMAIL PROTECTED]> wrote:
> From: Flavio Leitner <[EMAIL PROTECTED]>
> Date: Mon, 30 Jul 2007 13:04:48 -0300
>
> >
> > The sock_copy() function uses memcpy() to clone the socket
> > including the struct ip_mc_socklist *mc_list pointer.
> >
> > The ip_mc_drop_socket() function is called when socket is closed
> > to free these objects leaving the other sockets cloned from the
> > same master socket with invalid pointers.
> >
> > This patch sets mc_list of cloned socket to NULL.
> >
> > Signed-off-by: Flavio Leitner <[EMAIL PROTECTED]>
>
> Allowing non-datagram sockets to end up with a non-NULL inet->mc_list
> in the first place is a bug.
>
> Multicast subscriptions cannot even be used with TCP and DCCP, which
> are the only two users of these connection oriented socket functions.
>
> The first thing that TCP and DCCP do, in fact, for input packet
> processing is drop the packet if it is not unicast.
>
> Therefore the fix really is for the inet layer to reject multicast
> subscription requests on sockets for which that absolutely does not
> make sense. There is no reason these functions in
> inet_connection_sock.c should need to be mindful of multicast
> state. :-)
Well, we can add a BUG_ON there then 8)
Flavio, take a look at do_ip_setsockopt in net/ipv4/ip_sockglue.c, in
the IP_{ADD,DROP}_MEMBERSHIP labels.
Don't forget IPV6 (net/ipv6/ipv6_sockglue.c)
- Arnaldo
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
