Commit f630e43a215a3129d0c1173cae0bce6ea4855cf7
Committed by
David S. Miller
David S. Miller
1 parent
aea7427f70
Exists in
master
and in
4 other branches
ipv6: Drop packets for loopback address from outside of the box.
[ Based upon original report and patch by Karsten Keil. Karsten has verified that this fixes the TAHI test case "ICMPv6 test v6LC.5.1.2 Part F". -DaveM ] Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 2 changed files with 15 additions and 0 deletions Side-by-side Diff
include/net/ipv6.h
| ... | ... | @@ -367,6 +367,12 @@ |
| 367 | 367 | a->s6_addr32[2] | a->s6_addr32[3] ) == 0); |
| 368 | 368 | } |
| 369 | 369 | |
| 370 | +static inline int ipv6_addr_loopback(const struct in6_addr *a) | |
| 371 | +{ | |
| 372 | + return ((a->s6_addr32[0] | a->s6_addr32[1] | | |
| 373 | + a->s6_addr32[2] | (a->s6_addr32[3] ^ htonl(1))) == 0); | |
| 374 | +} | |
| 375 | + | |
| 370 | 376 | static inline int ipv6_addr_v4mapped(const struct in6_addr *a) |
| 371 | 377 | { |
| 372 | 378 | return ((a->s6_addr32[0] | a->s6_addr32[1] | |
net/ipv6/ip6_input.c
| ... | ... | @@ -102,6 +102,15 @@ |
| 102 | 102 | if (hdr->version != 6) |
| 103 | 103 | goto err; |
| 104 | 104 | |
| 105 | + /* | |
| 106 | + * RFC4291 2.5.3 | |
| 107 | + * A packet received on an interface with a destination address | |
| 108 | + * of loopback must be dropped. | |
| 109 | + */ | |
| 110 | + if (!(dev->flags & IFF_LOOPBACK) && | |
| 111 | + ipv6_addr_loopback(&hdr->daddr)) | |
| 112 | + goto err; | |
| 113 | + | |
| 105 | 114 | skb->transport_header = skb->network_header + sizeof(*hdr); |
| 106 | 115 | IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); |
| 107 | 116 |