From patchwork Wed Jan 12 18:34:08 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kuznetsov X-Patchwork-Id: 78611 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 9E6C8B6F1E for ; Thu, 13 Jan 2011 06:14:07 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755190Ab1ALTOC (ORCPT ); Wed, 12 Jan 2011 14:14:02 -0500 Received: from minus.inr.ac.ru ([194.67.69.97]:50636 "HELO ms2.inr.ac.ru" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with SMTP id S1753748Ab1ALTOA (ORCPT ); Wed, 12 Jan 2011 14:14:00 -0500 X-Greylist: delayed 2387 seconds by postgrey-1.27 at vger.kernel.org; Wed, 12 Jan 2011 14:14:00 EST DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=ms2.inr.ac.ru; b=l8B/93Px7Ha55gvmulJHfPHeSvigt2iqZCa+Z+DgdtEzNDQ5XBagKeO4Op8fwjJTNUJBH/yuz8ci0EtJfGF5bB+ibtxRFE0Rq437MEPY3Igvr+GEnQplboC51aCEZpWEMNzEak11QPcfqjX2PgczV71dkGYL+WcXeyxBfFcdAMM=; Received: (from kuznet@localhost) envelope-from=kuznet by ms2.inr.ac.ru (8.6.13/ANK) id VAA08840; Wed, 12 Jan 2011 21:34:08 +0300 Date: Wed, 12 Jan 2011 21:34:08 +0300 From: Alexey Kuznetsov To: netdev@vger.kernel.org, davem@davemloft.net Subject: [PATCH] inet6: prevent network storms caused by linux IPv6 routers Message-ID: <20110112183408.GA8417@ms2.inr.ac.ru> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.6i Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Linux IPv6 forwards unicast packets, which are link layer multicasts... The hole was present since day one. I was 100% this check is there, but it is not. The problem shows itself, f.e. when Microsoft Network Load Balancer runs on a network. This software resolves IPv6 unicast addresses to multicast MAC addresses. Signed-off-by: Alexey Kuznetsov --- net/ipv6/ip6_output.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 94b5bf1..5f8d242 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -401,6 +401,9 @@ int ip6_forward(struct sk_buff *skb) goto drop; } + if (skb->pkt_type != PACKET_HOST) + goto drop; + skb_forward_csum(skb); /*