Message ID | 4EB88FCC.9000509@hp.com |
---|---|
State | RFC, archived |
Delegated to: | David Miller |
Headers | show |
Hi Brian, On Mon, Nov 07, 2011 at 21:11:24 -0500, Brian Haley wrote: > On 11/07/2011 03:45 PM, Kumar Sanghvi wrote: > > Hi, > > > > I am trying to understand IPv6 behavior in Linux. > > And I have a doubt related to use of multicast address > > as source address. > > > > RFC 4291 in Section 2.7 states that: > > "Multicast addresses must not be used as source addresses > > in IPv6 packets or appear in any Routing header." > > > > However, what should be the behavior if a host receives a > > packet (probably from a malicious host with pktgen abilities) > > having a multicast address in source address field: > > 1) Should the receiving host discard the packet? > > I believe other *nixes silently drop it, can you try this patch? > > -Brian > > diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c > index 027c7ff..a46c64e 100644 > --- a/net/ipv6/ip6_input.c > +++ b/net/ipv6/ip6_input.c > @@ -111,6 +111,14 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, > struct packet_type *pt > ipv6_addr_loopback(&hdr->daddr)) > goto err; > > + /* > + * RFC4291 2.7 > + * Multicast addresses must not be used as source addresses in IPv6 > + * packets or appear in any Routing header. > + */ > + if (ipv6_addr_is_multicast(&hdr->saddr)) > + goto err; > + > skb->transport_header = skb->network_header + sizeof(*hdr); > IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); > Tested this patch on 3.1 kernel. The patch works fine and now, Linux no longer sends a response to multicast address. Thanks Brian for the patch! Reported-and-Tested-by: Kumar Sanghvi <divinekumar@gmail.com> Thanks, Kumar. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 027c7ff..a46c64e 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -111,6 +111,14 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt ipv6_addr_loopback(&hdr->daddr)) goto err; + /* + * RFC4291 2.7 + * Multicast addresses must not be used as source addresses in IPv6 + * packets or appear in any Routing header. + */ + if (ipv6_addr_is_multicast(&hdr->saddr)) + goto err; + skb->transport_header = skb->network_header + sizeof(*hdr); IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);