libndp: apply filter to raw socket to only accept ND messages

Use setsockopt() to set a filter on the socket and accept only Neighbor discover packets. This avoids wasting processing power on frames we're not interested in. Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com>
author: Beniamino Galvani <bgalvani@redhat.com> 2016-08-23 14:54:36 +0200
committer: Jiri Pirko <jiri@mellanox.com> 2016-08-29 09:06:07 +0200
commit: e8b90ce2d6ebf846cb0c9a3255d4deacf075f9c4 (patch)
tree: 8ea4a938710405603b4135e3c8ca8d364218b0d9
parent: 398c8ee38d6a82ce4e2a461eebd7b5fbca8ecf94 (diff)
download: libndp-e8b90ce2d6ebf846cb0c9a3255d4deacf075f9c4.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/libndp/libndp.c b/libndp/libndp.c
index 66db796..baacb76 100644
--- a/libndp/libndp.c
+++ b/libndp/libndp.c
@@ -1737,10 +1737,11 @@ free_msg:
 static int ndp_sock_open(struct ndp *ndp)
 {
 	int sock;
-	//struct icmp6_filter flt;
+	struct icmp6_filter flt;
 	int ret;
 	int err;
 	int val;
+	int i;
 
 	sock = socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
 	if (sock == -1) {
@@ -1775,6 +1776,17 @@ static int ndp_sock_open(struct ndp *ndp)
 		goto close_sock;
 	}
 
+	ICMP6_FILTER_SETBLOCKALL(&flt);
+	for (i = 0; i < NDP_MSG_TYPE_LIST_SIZE; i++)
+		ICMP6_FILTER_SETPASS(ndp_msg_type_info(i)->raw_type, &flt);
+	ret = setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &flt,
+			 sizeof(flt));
+	if (ret == -1) {
+		err(ndp, "Failed to setsockopt ICMP6_FILTER.");
+		err = -errno;
+		goto close_sock;
+	}
+
 	ndp->sock = sock;
 	return 0;
 close_sock:
author	Beniamino Galvani <bgalvani@redhat.com>	2016-08-23 14:54:36 +0200
committer	Jiri Pirko <jiri@mellanox.com>	2016-08-29 09:06:07 +0200
commit	e8b90ce2d6ebf846cb0c9a3255d4deacf075f9c4 (patch)
tree	8ea4a938710405603b4135e3c8ca8d364218b0d9
parent	398c8ee38d6a82ce4e2a461eebd7b5fbca8ecf94 (diff)
download	libndp-e8b90ce2d6ebf846cb0c9a3255d4deacf075f9c4.tar.gz