From: Shan Wei <shanwei@cn.fujitsu.com>
To: Stephen Hemminger <shemminger@vyatta.com>
Cc: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Subject: Re: [RFC] IPv6: don't forward unspecified frames
Date: Tue, 23 Feb 2010 13:11:33 +0800
Message-ID: <4B836385.8090509@cn.fujitsu.com>
In-Reply-To: <20100222173153.79190176@nehalam>

Stephen Hemminger wrote, at 02/23/2010 09:31 AM:
> This showed up during UNH IPv6 conformance tests. It appears the kernel
> incorrectly forwards packets with an unspecified source address.

Which case? Is it about spec.p2#18 of IPv6 Ready Logo Phase 2?
I don't see the phenomenon from the spec.p2#18 case.

> This looks like the place to fix this, but I'm still not sure and have
> no easy way to test it since ping6 won't send a packet with an unspecified
> source address.
> 
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>

The kernel is coincident with the spec; see the following commit.


commit f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811
Author: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date:   Wed Jun 25 16:55:26 2008 +0900

    ipv6: Do not forward packets with the unspecified source address.
    
    RFC4291 2.5.2.
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index fd7cd1b..871bdec 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb)
                int addrtype = ipv6_addr_type(&hdr->saddr);
 
                /* This check is security critical. */
-               if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK))
+               if (addrtype == IPV6_ADDR_ANY ||
+                   addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
                        goto error;
                if (addrtype & IPV6_ADDR_LINKLOCAL) {
                        icmpv6_send(skb, ICMPV6_DEST_UNREACH,
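
Review bot: on the added line `addrtype == IPV6_ADDR_ANY ||`, the unspecified-source test is an equality comparison while the multicast and loopback tests beside it are mask tests, and the only comment above them is "This check is security critical." From the hunk alone a reader cannot tell why IPV6_ADDR_ANY is not simply OR-ed into the mask, or which rule the condition enforces. Suggest extending that comment to say that a packet whose source is the unspecified address must never be forwarded, citing RFC 4291 section 2.5.2 as the commit message does, and to note why `==` is needed for this one case. The commit message could also state that such packets take the `goto error` path rather than the icmpv6_send() path used for link-local sources just below, so the difference in handling is on record.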

-- 
Best Regards
-----
Shan Wei
