diff options
| author | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-06-25 03:55:26 -0400 |
|---|---|---|
| committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-07-03 04:51:55 -0400 |
| commit | f81b2e7d8cf8c6a52b7a5224c3b89cee5aeb6811 (patch) | |
| tree | 963b5fc56836c958ef95144bb3dbf1517b0f90c3 /net/ipv6 | |
| parent | d68b82705a4a754e5773f412c6b8f1e65259bc8b (diff) | |
ipv6: Do not forward packets with the unspecified source address.
RFC4291 2.5.2.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ip6_output.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index fd7cd1bfe151..871bdec09edb 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
| @@ -498,7 +498,8 @@ int ip6_forward(struct sk_buff *skb) | |||
| 498 | int addrtype = ipv6_addr_type(&hdr->saddr); | 498 | int addrtype = ipv6_addr_type(&hdr->saddr); |
| 499 | 499 | ||
| 500 | /* This check is security critical. */ | 500 | /* This check is security critical. */ |
| 501 | if (addrtype & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LOOPBACK)) | 501 | if (addrtype == IPV6_ADDR_ANY || |
| 502 | addrtype & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LOOPBACK)) | ||
| 502 | goto error; | 503 | goto error; |
| 503 | if (addrtype & IPV6_ADDR_LINKLOCAL) { | 504 | if (addrtype & IPV6_ADDR_LINKLOCAL) { |
| 504 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, | 505 | icmpv6_send(skb, ICMPV6_DEST_UNREACH, |