From patchwork Sun Feb 10 12:48:51 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hannes Frederic Sowa X-Patchwork-Id: 219493 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E64AB2C0080 for ; Sun, 10 Feb 2013 23:48:56 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754602Ab3BJMsx (ORCPT ); Sun, 10 Feb 2013 07:48:53 -0500 Received: from order.stressinduktion.org ([87.106.68.36]:55339 "EHLO order.stressinduktion.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754301Ab3BJMsw (ORCPT ); Sun, 10 Feb 2013 07:48:52 -0500 Received: by order.stressinduktion.org (Postfix, from userid 500) id 14CE41A0CCB9; Sun, 10 Feb 2013 13:48:51 +0100 (CET) Date: Sun, 10 Feb 2013 13:48:51 +0100 From: Hannes Frederic Sowa To: netdev@vger.kernel.org Cc: yoshfuji@linux-ipv6.org, erik.hugne@ericsson.com Subject: [PATCH] ipv6: don't accept multicast traffic with scop 0 Message-ID: <20130210124851.GB18219@order.stressinduktion.org> Mail-Followup-To: netdev@vger.kernel.org, yoshfuji@linux-ipv6.org, erik.hugne@ericsson.com Mime-Version: 1.0 Content-Disposition: inline Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Cc: Erik Hugne Cc: YOSHIFUJI Hideaki Signed-off-by: Hannes Frederic Sowa Acked-by: YOSHIFUJI Hideaki --- net/ipv6/ip6_input.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 4ac5bf3..34ddebd 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -126,6 +126,16 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt if (ipv6_addr_is_multicast(&hdr->saddr)) goto err; + /* + * RFC4291 2.7 + * Nodes must not originate a packet to a multicast address whose scop + * field contains the reserved value 0; if such a packet is received, it + * must be silently dropped. + */ + if (ipv6_addr_is_multicast(&hdr->daddr) && + IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0) + goto err; + skb->transport_header = skb->network_header + sizeof(*hdr); IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);