diff options
author | Beniamino Galvani <bgalvani@redhat.com> | 2016-08-23 14:54:36 +0200 |
---|---|---|
committer | Jiri Pirko <jiri@mellanox.com> | 2016-08-29 09:06:07 +0200 |
commit | e8b90ce2d6ebf846cb0c9a3255d4deacf075f9c4 (patch) | |
tree | 8ea4a938710405603b4135e3c8ca8d364218b0d9 /libndp/libndp.c | |
parent | 398c8ee38d6a82ce4e2a461eebd7b5fbca8ecf94 (diff) | |
download | libndp-e8b90ce2d6ebf846cb0c9a3255d4deacf075f9c4.tar.gz |
libndp: apply filter to raw socket to only accept ND messages
Use setsockopt() to set a filter on the socket and accept only
Neighbor discover packets. This avoids wasting processing power on
frames we're not interested in.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Diffstat (limited to 'libndp/libndp.c')
-rw-r--r-- | libndp/libndp.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libndp/libndp.c b/libndp/libndp.c index 66db796..baacb76 100644 --- a/libndp/libndp.c +++ b/libndp/libndp.c @@ -1737,10 +1737,11 @@ free_msg: static int ndp_sock_open(struct ndp *ndp) { int sock; - //struct icmp6_filter flt; + struct icmp6_filter flt; int ret; int err; int val; + int i; sock = socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6); if (sock == -1) { @@ -1775,6 +1776,17 @@ static int ndp_sock_open(struct ndp *ndp) goto close_sock; } + ICMP6_FILTER_SETBLOCKALL(&flt); + for (i = 0; i < NDP_MSG_TYPE_LIST_SIZE; i++) + ICMP6_FILTER_SETPASS(ndp_msg_type_info(i)->raw_type, &flt); + ret = setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &flt, + sizeof(flt)); + if (ret == -1) { + err(ndp, "Failed to setsockopt ICMP6_FILTER."); + err = -errno; + goto close_sock; + } + ndp->sock = sock; return 0; close_sock: |