From patchwork Tue Jun 24 11:50:28 2014
X-Patchwork-Submitter: Hangbin Liu
X-Patchwork-Id: 363393
X-Patchwork-Delegate: davem@davemloft.net
From: Hangbin Liu To: network dev Cc: David Miller , Hangbin Liu Subject: [PATCH net] ipv6: Fix MLD Query message check Date: Tue, 24 Jun 2014 19:50:28 +0800 Message-Id: <1403610628-19676-1-git-send-email-liuhangbin@gmail.com> X-Mailer: git-send-email 1.8.1.4 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Based on RFC3810 6.2, we also need to check the hop limit and router alert option besides source address. Signed-off-by: Hangbin Liu --- net/ipv6/mcast.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index 08b367c..fdf7455 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c @@ -1301,8 +1301,18 @@ int igmp6_event_query(struct sk_buff *skb) len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); len -= skb_network_header_len(skb); - /* Drop queries with not link local source */ - if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) + /* RFC3810 6.2 + * Upon reception of an MLD message that contains a Query, the node + * checks if the source address of the message is a valid link-local + * address, if the Hop Limit is set to 1, and if the Router Alert + * option is present in the Hop-By-Hop Options header of the IPv6 + * packet. If any of these checks fails, the packet is dropped. + */ + if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) || + ipv6_hdr(skb)->hop_limit != 1 || + ipv6_hdr(skb)->nexthdr != NEXTHDR_HOP || + !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || + IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) return -EINVAL; idev = __in6_dev_get(skb->dev);
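Review bot: the new five-way condition in igmp6_event_query() returns the same -EINVAL for every failure, with no counter or debug message, so a querier that the old source-address-only check accepted (for example one that omits the Router Alert option or sends with a hop limit other than 1) will now be dropped silently. Consider bumping a drop statistic or adding a rate-limited debug message on this path, and say in the commit message that previously accepted queries can now be rejected. The comment cites RFC3810 6.2 only; if this function also handles queries from the older MLD version, state whether the stricter check is intended for those as well. The nexthdr != NEXTHDR_HOP test may be redundant if IP6SKB_ROUTERALERT is only ever set while parsing a Hop-by-Hop header; if so, drop it or note why it is kept. As a style point, ipv6_hdr(skb) is evaluated three times in the condition; a local const struct ipv6hdr pointer would shorten it and make the three header checks easier to read.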