| From: Hannes Frederic Sowa <hannes@stressinduktion.org> |
| Date: Sun, 10 Feb 2013 05:35:22 +0000 |
| Subject: ipv6: don't accept multicast traffic with scope 0 |
| |
| [ Upstream commit 20314092c1b41894d8c181bf9aa6f022be2416aa ] |
| |
| v2: |
| a) moved before multicast source address check |
| b) changed comment to netdev style |
| |
| Cc: Erik Hugne <erik.hugne@ericsson.com> |
| Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> |
| Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| net/ipv6/ip6_input.c | 9 +++++++++ |
| 1 file changed, 9 insertions(+) |
| |
| diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c |
| index f8d24dd..15295e9 100644 |
| --- a/net/ipv6/ip6_input.c |
| +++ b/net/ipv6/ip6_input.c |
| @@ -111,6 +111,15 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt |
| ipv6_addr_loopback(&hdr->daddr)) |
| goto err; |
| |
| + /* RFC4291 2.7 |
| + * Nodes must not originate a packet to a multicast address whose scope |
| + * field contains the reserved value 0; if such a packet is received, it |
| + * must be silently dropped. |
| + */ |
| + if (ipv6_addr_is_multicast(&hdr->daddr) && |
| + IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0) |
| + goto err; |
| + |
| /* |
| * RFC4291 2.7 |
| * Multicast addresses must not be used as source addresses in IPv6 |
