| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100222173153.79190176@nehalam>
Date: Mon, 22 Feb 2010 17:31:53 -0800
From: Stephen Hemminger <shemminger@...tta.com>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: [RFC] IPv6: don't forward unspecified frames
This showed up during UNH IPv6 conformance tests. It appears kernel
incorrectly forwards packets with unspecified source address.
This looks like the place to fix this, but still not sure and have
no easy way to test it since ping6 won't send packet with unspecified
source address.
Signed-off-by: Stephen Hemminger <shemminger@...tta.com>
--- a/net/ipv6/ip6_output.c 2010-02-19 15:05:51.332330381 -0800
+++ b/net/ipv6/ip6_output.c 2010-02-19 15:10:28.400092910 -0800
@@ -436,6 +436,17 @@ int ip6_forward(struct sk_buff *skb)
}
/*
+ * RFC4291 2.5.2
+ *
+ * An IPv6 packet with a source address of unspecified
+ * must never be forwarded by an IPv6 router.
+ */
+ if (ipv6_addr_any(&hdr->saddr)) {
+ IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS);
+ goto drop;
+ }
+
+ /*
* check and decrement ttl
*/
if (hdr->hop_limit <= 1) {
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists