From patchwork Tue Aug 27 11:42:24 2013
X-Patchwork-Submitter: Duan Jiong
X-Patchwork-Id: 270095
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <521C90A0.60708@cn.fujitsu.com>
Date: Tue, 27 Aug 2013 19:42:24 +0800
From: Duan Jiong
To: davem@davemloft.net
CC: duanj.fnst@cn.fujitsu.com, netdev@vger.kernel.org
Subject: [PATCH] ipv6:examine the IP source address legitimacy
X-Mailing-List: netdev@vger.kernel.org

RFC4861 8.1: The IP source address of the Redirect is the same as the current first-hop router for the specified ICMP Destination Address.

Signed-off-by: Duan Jiong

--- net/ipv6/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d9a93e..d4f0f72 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -1685,6 +1685,7 @@ static int ip6_route_del(struct fib6_config *cfg) static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb) { struct net *net = dev_net(skb->dev); + struct ipv6hdr *iph = ipv6_hdr(skb); struct netevent_redirect netevent; struct rt6_info *rt, *nrt = NULL; struct ndisc_options ndopts; @@ -1745,7 +1746,7 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu } rt = (struct rt6_info *) dst; - if (rt == net->ipv6.ip6_null_entry) { + if (rt == net->ipv6.ip6_null_entry || !ipv6_addr_equal(&rt->rt6i_gateway, &iph->saddr)) { net_dbg_ratelimited("rt6_redirect: source isn't a valid nexthop for redirect target\n"); return; }
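
Review bot: In the first hunk (@@ -1685,6 +1685,7 @@), the new local `struct ipv6hdr *iph = ipv6_hdr(skb);` is only read in this patch (its one use is `&iph->saddr` in the comparison added by the second hunk), so it should be declared `const struct ipv6hdr *iph`. A short comment saying that this is the IPv6 header of the received Redirect, whose source address is validated against the route's gateway, would also make the later check easier to follow.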
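
Review bot: In the second hunk (@@ -1745,7 +1746,7 @@), the added `!ipv6_addr_equal(&rt->rt6i_gateway, &iph->saddr)` is applied to every route that is not `ip6_null_entry`, and nothing in the visible lines shows that `rt6i_gateway` holds a meaningful address when the destination is currently reached without a first-hop router. Please confirm how that case behaves, and either restrict the comparison to routes that actually have a gateway (for example by testing `rt->rt6i_flags & RTF_GATEWAY`) or state in the commit message that redirects for such routes are now dropped on purpose. Two smaller points on the same line: it runs well past 80 columns and should be wrapped after the `||`, and both rejection cases now share one `net_dbg_ratelimited()` message, so a debug log cannot tell a null route from a source address mismatch. The commit message would also benefit from a sentence on why the RFC 4861 section 8.1 check matters here, namely that without it a Redirect is accepted from a sender that is not the current first hop for the destination.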