ipv6: Do not use routes from locally generated RAs

When hybrid mode is enabled (accept_ra == 2), the kernel also sees RAs
generated locally. This is useful since it allows the kernel to auto-configure
its own interface addresses.

However, if 'accept_ra_defrtr' and/or 'accept_ra_rtr_pref' are set and the
locally generated RAs announce the default route and/or other route information,
the kernel happily inserts bogus routes with its own address as gateway.

With this patch, adding routes from an RA will be skiped when the RAs source
address matches any local address, just as if 'accept_ra_defrtr' and
'accept_ra_rtr_pref' were set to 0.

Signed-off-by: Andreas Hofmeister <andi@collax.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 8 insertions, 0 deletions

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 7968bfec6138..44e5b7f2a6c1 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1221,6 +1221,9 @@ static void ndisc_router_discovery(struct sk_buff *skb)
         if (!in6_dev->cnf.accept_ra_defrtr)
                 goto skip_defrtr;
 
+        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
+                goto skip_defrtr;
+
         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
 
 #ifdef CONFIG_IPV6_ROUTER_PREF
@@ -1343,6 +1346,9 @@ skip_linkparms:
                 goto out;
 
 #ifdef CONFIG_IPV6_ROUTE_INFO
+        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
+                goto skip_routeinfo;
+
         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
                 struct nd_opt_hdr *p;
                 for (p = ndopts.nd_opts_ri;
@@ -1360,6 +1366,8 @@ skip_linkparms:
                                       &ipv6_hdr(skb)->saddr);
                 }
         }
+
+skip_routeinfo:
 #endif
 
 #ifdef CONFIG_IPV6_NDISC_NODETYPE