From: Paolo Abeni <pab...@redhat.com>
Date: Mon, 21 Mar 2016 16:42:11 +0100
> Currently, ingress ipv4 broadcast datagrams are dropped if the
> ingress interface lacks an ipv4 address. This is caused by
> multiple issues:
>
> - in udp_v4_early_demux() ip_check_mc_rcu is invoked even on
> bcast packets
>
> - ip_route_input_slow() always try to validate the source
>
> This patch tries to address both issues, invoking ip_check_mc_rcu()
> only for mcast packets and calling fib_validate_source() only
> if the in_device has an address, at least.
>
> Fixes: 6e5403093261 ("ipv4/udp: Verify multicast group is ours in
> upd_v4_early_demux()")
> Signed-off-by: Paolo Abeni <pab...@redhat.com>
I'm extremely weary to change the routing lookup code wrt. broadcast, multicast,
etc. policies, ever. The checks in there have multiple decades of precedence
and therefore are extremely dangerous to modify.
The UDP change in question didn't touch the generic routing code, therfore you
must fix this bug without modifying it either.
Sorry.
