From mboxrd@z Thu Jan 1 00:00:00 1970 From: Donatas Abraitis Subject: [PATCH net-next v1] net: ipv6: make sure multicast packets are not forwarded beyond the different scopes Date: Wed, 26 Apr 2017 10:15:48 +0300 Message-ID: <20170426071548.73171-1-donatas.abraitis@gmail.com> Cc: netdev@vger.kernel.org, stable@vger.kernel.org, donatas.abraitis@gmail.com To: davem@davemloft.net Return-path: Received: from mail.kvb.lt ([193.219.39.208]:55250 "EHLO list.kvb.lt" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1953170AbdDZHXf (ORCPT ); Wed, 26 Apr 2017 03:23:35 -0400 Sender: netdev-owner@vger.kernel.org List-ID: RFC4291 2.7 Routers must not forward any multicast packets beyond of the scope indicated by the scop field in the destination multicast address. Signed-off-by: Donatas Abraitis --- net/ipv6/ip6_input.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 9ee208a..a834797 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -165,6 +165,14 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0) goto err; + /* RFC4291 2.7 + * Routers must not forward any multicast packets beyond of the scope + * indicated by the scop field in the destination multicast address. + */ + if (ipv6_addr_is_multicast(&hdr->daddr) && + IPV6_ADDR_MC_SCOPE(&hdr->daddr) != IPV6_ADDR_MC_SCOPE(&hdr->saddr) + goto err; + /* * RFC4291 2.7 * Multicast addresses must not be used as source addresses in IPv6 -- 2.10.0