Commit f81b2e7d authored by YOSHIFUJI Hideaki's avatar YOSHIFUJI Hideaki

ipv6: Do not forward packets with the unspecified source address.

RFC4291 2.5.2.
Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
parent d68b8270
...@@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb) ...@@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb)
int addrtype = ipv6_addr_type(&hdr->saddr); int addrtype = ipv6_addr_type(&hdr->saddr);
/* This check is security critical. */ /* This check is security critical. */
if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK)) if (addrtype == IPV6_ADDR_ANY ||
addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK))
goto error; goto error;
if (addrtype & IPV6_ADDR_LINKLOCAL) { if (addrtype & IPV6_ADDR_LINKLOCAL) {
icmpv6_send(skb, ICMPV6_DEST_UNREACH, icmpv6_send(skb, ICMPV6_DEST_UNREACH,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment