mcproxy: fix block/filtering code
mcproxy supports a generic filtering/blacklisting mechanism but it’s currently broken. In the case of routed video (e.g. mcproxy routing video from WAN -> LAN), it will forward multicast between the LAN and WAN. There are perfectly valid use cases for this like reporting but other less-appropriate things like mDNS and SSDP leak through from LAN -> WAN which is bad. Signed-off-by: Sukru Senli <sukru.senli@iopsys.eu> Signed-off-by: Chad Monroe <chad.monroe@smartrg.com> Signed-off-by: John Crispin <john@phrozen.org>
parent
35b886649b
commit
490971e8e5
|
@ -229,3 +229,11 @@ config behaviour
|
|||
option direction 'out'
|
||||
option whitelist '1'
|
||||
option table '{(*|*)}'
|
||||
|
||||
config blocks
|
||||
# mDNS
|
||||
list entries '(*|239.255.255.0/24)'
|
||||
# SSDP
|
||||
list entries '(*|224.0.0.0/24)'
|
||||
# SLP
|
||||
list entries '(*|239.192.0.0/16)'
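Review bot: The `# mDNS` and `# SSDP` comments look swapped relative to the ranges beneath them: mDNS uses 224.0.0.251, which falls in 224.0.0.0/24, and SSDP uses 239.255.255.250, which falls in 239.255.255.0/24. I would label the first entry `# SSDP (239.255.255.250)` and the second `# mDNS (224.0.0.251) and the rest of the local network control block`, since that /24 covers more than one protocol. The `# SLP` label on 239.192.0.0/16 is worth confirming too, because that range is the organization-local scope rather than a single protocol's group. All three entries are IPv4; if this proxy is also run for MLD, the IPv6 counterparts (for example ff02::fb for mDNS) would presumably need their own entries.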
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
--- a/mcproxy/src/proxy/simple_mc_proxy_routing.cpp
|
||||
+++ b/mcproxy/src/proxy/simple_mc_proxy_routing.cpp
|
||||
@@ -118,13 +118,13 @@ void interface_memberships::process_upst
|
||||
for (auto source_it = cs.first.m_source_list.begin(); source_it != cs.first.m_source_list.end();) {
|
||||
|
||||
//downstream out
|
||||
- if (!cs.second->match_output_filter(interfaces::get_if_name(upstr_e.m_if_index), gaddr, source_it->saddr)) {
|
||||
+ if (!cs.second->match_output_filter(interfaces::get_if_name(upstr_e.m_if_index), source_it->saddr, gaddr)) {
|
||||
source_it = cs.first.m_source_list.erase(source_it);
|
||||
continue;
|
||||
}
|
||||
|
||||
//upstream in
|
||||
- if (!upstr_e.m_interface->match_input_filter(interfaces::get_if_name(upstr_e.m_if_index), gaddr, source_it->saddr)) {
|
||||
+ if (!upstr_e.m_interface->match_input_filter(interfaces::get_if_name(upstr_e.m_if_index), source_it->saddr, gaddr)) {
|
||||
tmp_sstate.m_source_list.insert(*source_it);
|
||||
source_it = cs.first.m_source_list.erase(source_it);
|
||||
continue;
|
||||
@@ -175,13 +175,13 @@ void interface_memberships::process_upst
|
||||
for (auto source_it = cs_it->first.m_source_list.begin(); source_it != cs_it->first.m_source_list.end();) {
|
||||
|
||||
//downstream out
|
||||
- if (!cs_it->second->match_output_filter(interfaces::get_if_name(upstr_e.m_if_index), gaddr, source_it->saddr)) {
|
||||
+ if (!cs_it->second->match_output_filter(interfaces::get_if_name(upstr_e.m_if_index), source_it->saddr, gaddr)) {
|
||||
++source_it;
|
||||
continue;
|
||||
}
|
||||
|
||||
//upstream in
|
||||
- if (!upstr_e.m_interface->match_input_filter(interfaces::get_if_name(upstr_e.m_if_index), gaddr, source_it->saddr)) {
|
||||
+ if (!upstr_e.m_interface->match_input_filter(interfaces::get_if_name(upstr_e.m_if_index), source_it->saddr, gaddr)) {
|
||||
++source_it;
|
||||
continue;
|
||||
}
|
||||
@@ -619,9 +619,9 @@ bool simple_mc_proxy_routing::check_inte
|
||||
std::string input_if_index_name = interfaces::get_if_name(input_if_index);
|
||||
if (!input_if_index_name.empty()) {
|
||||
if (interface_direction == ID_IN) {
|
||||
- return interf->match_input_filter(input_if_index_name, gaddr, saddr);
|
||||
+ return interf->match_input_filter(input_if_index_name, saddr, gaddr);
|
||||
} else if (interface_direction == ID_OUT) {
|
||||
- return interf->match_output_filter(input_if_index_name, gaddr, saddr);
|
||||
+ return interf->match_output_filter(input_if_index_name, saddr, gaddr);
|
||||
} else {
|
||||
HC_LOG_ERROR("unkown interface direction");
|
||||
return false;
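Review bot: Nothing at these call sites stops the argument order from regressing, because source and group address evidently share one type, so the old `(if_name, gaddr, saddr)` order compiled cleanly while the block entries never matched. I would add a comment at the declarations of `match_input_filter` and `match_output_filter` (not visible on this page), for example `// order is (if_name, saddr, gaddr), mirroring the '(source|group)' table entries`. The config entries on this page put the group range second, which is what that wording assumes. A regression test that a blocked group is rejected on both the input and the output path would catch a future swap. This applies to all three hunks of the patch, and each enclosing function starts and ends outside its hunk.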
|
|
@ -0,0 +1,104 @@
|
|||
--- a/mcproxy/src/proxy/proxy_instance.cpp
|
||||
+++ b/mcproxy/src/proxy/proxy_instance.cpp
|
||||
@@ -171,6 +171,9 @@ void proxy_instance::worker_thread()
|
||||
HC_LOG_TRACE("");
|
||||
while (m_running) {
|
||||
auto msg = m_job_queue.dequeue();
|
||||
+
|
||||
+ HC_LOG_DEBUG("Proxy Message: " << msg->get_message_type_name(msg->get_type()) );
|
||||
+
|
||||
switch (msg->get_type()) {
|
||||
case proxy_msg::TEST_MSG:
|
||||
(*msg)();
|
||||
@@ -190,28 +193,80 @@ void proxy_instance::worker_thread()
|
||||
} else {
|
||||
HC_LOG_DEBUG("failed to find querier of interface: " << interfaces::get_if_name(std::static_pointer_cast<timer_msg>(msg)->get_if_index()));
|
||||
}
|
||||
- }
|
||||
+ }
|
||||
break;
|
||||
case proxy_msg::GROUP_RECORD_MSG: {
|
||||
- auto r = std::static_pointer_cast<group_record_msg>(msg);
|
||||
+ auto gr = std::static_pointer_cast<group_record_msg>(msg);
|
||||
|
||||
if (m_in_debug_testing_mode) {
|
||||
std::cout << "!!--ACTION: receive record" << std::endl;
|
||||
- std::cout << *r << std::endl;
|
||||
+ std::cout << *gr << std::endl;
|
||||
std::cout << std::endl;
|
||||
}
|
||||
|
||||
- auto it = m_downstreams.find(r->get_if_index());
|
||||
+ auto slist = gr->get_slist();
|
||||
+ addr_storage saddr;
|
||||
+ if ( slist.empty() )
|
||||
+ {
|
||||
+ saddr = "0.0.0.0";
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ saddr = slist.begin()->saddr;
|
||||
+ }
|
||||
+ auto it = m_downstreams.find(gr->get_if_index());
|
||||
if (it != std::end(m_downstreams)) {
|
||||
- it->second.m_querier->receive_record(msg);
|
||||
+ // Check for input filters
|
||||
+ if ( ! it->second.m_interface->match_input_filter( interfaces::get_if_name( gr->get_if_index() ),
|
||||
+ saddr,
|
||||
+ gr->get_gaddr() )
|
||||
+ )
|
||||
+ {
|
||||
+ HC_LOG_DEBUG("group report " << gr->get_gaddr() << " filtered");
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ it->second.m_querier->receive_record(msg);
|
||||
+ }
|
||||
} else {
|
||||
- HC_LOG_DEBUG("failed to find querier of interface: " << interfaces::get_if_name(std::static_pointer_cast<timer_msg>(msg)->get_if_index()));
|
||||
+ HC_LOG_DEBUG("failed to find querier of interface: " << interfaces::get_if_name( gr->get_if_index() ));
|
||||
}
|
||||
- }
|
||||
+ }
|
||||
+ break;
|
||||
+ case proxy_msg::NEW_SOURCE_MSG: {
|
||||
+ auto sm = std::static_pointer_cast<new_source_msg>(msg);
|
||||
+ // Find the interface
|
||||
+ std::shared_ptr<interface> interf;
|
||||
+ auto it = m_downstreams.find(sm->get_if_index());
|
||||
+ if (it != std::end(m_downstreams)) {
|
||||
+ interf = it->second.m_interface;
|
||||
+ } else {
|
||||
+ for (auto & e : m_upstreams) {
|
||||
+ if (e.m_if_index == sm->get_if_index()) {
|
||||
+ interf = e.m_interface;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ if ( !interf )
|
||||
+ {
|
||||
+ HC_LOG_DEBUG("failed to find interface: " << interfaces::get_if_name( sm->get_if_index() ) << " for Source message " << sm->get_saddr() << " | " << sm->get_gaddr() );
|
||||
+ break;
|
||||
+ }
|
||||
+ // Check for input filters
|
||||
+ if ( ! interf->match_input_filter( interfaces::get_if_name( sm->get_if_index() ),
|
||||
+ sm->get_saddr(),
|
||||
+ sm->get_gaddr() )
|
||||
+ )
|
||||
+ {
|
||||
+ HC_LOG_DEBUG("source " << sm->get_saddr() << " | " << sm->get_gaddr() << " filtered");
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ m_routing_management->event_new_source(msg);
|
||||
+ }
|
||||
+ }
|
||||
break;
|
||||
- case proxy_msg::NEW_SOURCE_MSG:
|
||||
- m_routing_management->event_new_source(msg);
|
||||
- break;
|
||||
case proxy_msg::NEW_SOURCE_TIMER_MSG:
|
||||
m_routing_management->timer_triggerd_maintain_routing_table(msg);
|
||||
break;
|
||||
return false;
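Review bot: In the `GROUP_RECORD_MSG` case only `slist.begin()->saddr` is checked against the input filter, so a record listing several sources is accepted or dropped as a whole on the strength of its first source, and a blocked source further down the list still reaches `receive_record`. The sketch below checks every listed source and drops the record if any is blocked; whether to drop it or strip only the blocked sources is a policy choice the patch does not state. Two smaller points: `auto slist = gr->get_slist();` probably copies the list where `const auto&` would do, and the `"0.0.0.0"` wildcard is an IPv4 literal, so it is worth confirming how it compares against IPv6 groups if this instance can run MLD. `worker_thread` continues outside the hunk.

```cpp
// … unchanged: slist/saddr setup and m_downstreams lookup …
if (it != std::end(m_downstreams)) {
    const auto if_name = interfaces::get_if_name(gr->get_if_index());
    // Fail closed: every listed source must pass, not only the first one.
    bool pass = true;
    if (slist.empty()) {
        pass = it->second.m_interface->match_input_filter(if_name, saddr, gr->get_gaddr());
    } else {
        for (const auto& s : slist) {
            if (!it->second.m_interface->match_input_filter(if_name, s.saddr, gr->get_gaddr())) {
                pass = false;
                break;
            }
        }
    }
    if (!pass) {
        HC_LOG_DEBUG("group report " << gr->get_gaddr() << " filtered");
    } else {
        it->second.m_querier->receive_record(msg);
    }
// … unchanged: else branch logging the missing querier …
```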
|