int err;
int opt, data;
socklen_t data_len = sizeof(data);
- static const struct sock_filter filter[] = {
- BPF_STMT(BPF_LD+BPF_B+BPF_ABS, 0),
- BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 1),
- BPF_STMT(BPF_RET | BPF_K, 0xffff),
- BPF_STMT(BPF_RET | BPF_K, 0),
- };
-
- static const struct sock_fprog bpf = {
- .len = array_size(filter),
- .filter = (struct sock_filter *)filter,
- };
/*
* We need to create the VRF table for the pim mroute_socket
zlog_warn(
"PIM-SM will not work properly on this platform, until the ability to receive the WHOLEPKT upcall");
#endif
- if (setsockopt(pim->mroute_socket, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf))) {
- zlog_warn("Failure to attach SO_ATTACH_FILTER on fd %d: %d %s",
- pim->mroute_socket, errno, safe_strerror(errno));
- }
}
return 0;
return -2;
}
+#if PIM_IPV == 6
+ struct icmp6_filter filter[1];
+ int ret;
+
+ /* Unlike IPv4, this socket is not used for MLD, so just drop
+ * everything with an empty ICMP6 filter. Otherwise we get
+ * all kinds of garbage here, possibly even non-multicast
+ * related ICMPv6 traffic (e.g. ping)
+ *
+ * (mroute kernel upcall "packets" are injected directly on the
+ * socket, this sockopt -or any other- has no effect on them)
+ */
+ ICMP6_FILTER_SETBLOCKALL(filter);
+ ret = setsockopt(fd, SOL_ICMPV6, ICMP6_FILTER, filter,
+ sizeof(filter));
+ if (ret)
+ zlog_err(
+ "(VRF %s) failed to set mroute control filter: %m",
+ pim->vrf->name);
+#endif
+
#ifdef SO_BINDTODEVICE
if (pim->vrf->vrf_id != VRF_DEFAULT
&& setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE,
projects / mirror / frr.git / commitdiff