proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-07 13:33:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pim6d: use ICMP6_FILTER instead of BPF on mroute

Browse Source 
The ICMP6_FILTER option is always checked by the kernel, so the cost is
taken whether or not anything is set there.  Use it instead of taking on
additional cost with a BPF program.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
This commit is contained in:
David Lamparter 2022-04-27 09:23:27 +02:00
parent 633a50d11c
commit fef295d439
2 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pimd/pim6_mroute_msg.c
View File

@ -45,17 +45,6 @@ int pim_mroute_set(struct pim_instance *pim, int enable)
int err; int err;
int opt, data; int opt, data;
socklen_t data_len = sizeof(data); socklen_t data_len = sizeof(data);
static const struct sock_filter filter[] = {
BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 0),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 1),
BPF_STMT(BPF_RET | BPF_K, 0xffff),
BPF_STMT(BPF_RET | BPF_K, 0),
};
static const struct sock_fprog bpf = {
.len = array_size(filter),
.filter = (struct sock_filter *)filter,
};
/* /*
* We need to create the VRF table for the pim mroute_socket * We need to create the VRF table for the pim mroute_socket
@ -133,10 +122,6 @@ int pim_mroute_set(struct pim_instance *pim, int enable)
zlog_warn( zlog_warn(
"PIM-SM will not work properly on this platform, until the ability to receive the WHOLEPKT upcall"); "PIM-SM will not work properly on this platform, until the ability to receive the WHOLEPKT upcall");
#endif #endif
if (setsockopt(pim->mroute_socket, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf))) {
zlog_warn("Failure to attach SO_ATTACH_FILTER on fd %d: %d %s",
pim->mroute_socket, errno, safe_strerror(errno));
}
} }
return 0; return 0;

21
pimd/pim_mroute.c
View File

@ -571,6 +571,27 @@ int pim_mroute_socket_enable(struct pim_instance *pim)
return -2; return -2;
} }
#if PIM_IPV == 6
struct icmp6_filter filter[1];
int ret;
/* Unlike IPv4, this socket is not used for MLD, so just drop
* everything with an empty ICMP6 filter. Otherwise we get
* all kinds of garbage here, possibly even non-multicast
* related ICMPv6 traffic (e.g. ping)
*
* (mroute kernel upcall "packets" are injected directly on the
* socket, this sockopt -or any other- has no effect on them)
*/
ICMP6_FILTER_SETBLOCKALL(filter);
ret = setsockopt(fd, SOL_ICMPV6, ICMP6_FILTER, filter,
sizeof(filter));
if (ret)
zlog_err(
"(VRF %s) failed to set mroute control filter: %m",
pim->vrf->name);
#endif
#ifdef SO_BINDTODEVICE #ifdef SO_BINDTODEVICE
if (pim->vrf->vrf_id != VRF_DEFAULT if (pim->vrf->vrf_id != VRF_DEFAULT
&& setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE,