| Message ID | 1430491194-16615-1-git-send-email-andrew@lunn.ch |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Andrew Lunn <andrew@lunn.ch> Date: Fri, 1 May 2015 16:39:54 +0200 > In setups with a global scope address on an interface, and a lesser > scope address on an interface sending IGMP reports, the reports can be > sent using the other interfaces global scope address rather than the > local interface address. RFC 2236 suggests: > > Ignore the Report if you cannot identify the source address of > the packet as belonging to a subnet assigned to the interface on > which the packet was received. > > since such reports could be forged. > > Look at the protocol when deciding if a RT_SCOPE_LINK address should > be used for the packet. > > Signed-off-by: Andrew Lunn <andrew@lunn.ch> Applied, thanks Andrew. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index a78540f28276..9aa43c4dc2a7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2096,7 +2096,8 @@ struct rtable *__ip_route_output_key(struct net *net, struct flowi4 *fl4) goto out; } if (ipv4_is_local_multicast(fl4->daddr) || - ipv4_is_lbcast(fl4->daddr)) { + ipv4_is_lbcast(fl4->daddr) || + fl4->flowi4_proto == IPPROTO_IGMP) { if (!fl4->saddr) fl4->saddr = inet_select_addr(dev_out, 0, RT_SCOPE_LINK);
In setups with a global scope address on an interface, and a lesser scope address on an interface sending IGMP reports, the reports can be sent using the other interfaces global scope address rather than the local interface address. RFC 2236 suggests: Ignore the Report if you cannot identify the source address of the packet as belonging to a subnet assigned to the interface on which the packet was received. since such reports could be forged. Look at the protocol when deciding if a RT_SCOPE_LINK address should be used for the packet. Signed-off-by: Andrew Lunn <andrew@lunn.ch> --- Not sure what to use for a Fixes: tag. All 3.x kernels have this problem, and it seems to go back a long way. net/ipv4/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)