]> err.no Git - linux-2.6/commitdiff
[IPV6]: Don't forward packets to proxied link-local address.
authorVille Nuorvala <vnuorval@tcs.hut.fi>
Fri, 22 Sep 2006 21:42:18 +0000 (14:42 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 22 Sep 2006 22:20:22 +0000 (15:20 -0700)
Proxying router can't forward traffic sent to link-local address, so signal
the sender and discard the packet. This behavior is clarified by Mobile IPv6
specification (RFC3775) but might be required for all proxying router.
Based on MIPL2 kernel patch.

Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
net/ipv6/ip6_output.c

index 0f56e9e69a8f984804e6ab85ec1e6789ce7a64e4..b2be749d22172d540d85093ea4d059cc9f289a70 100644 (file)
@@ -345,6 +345,16 @@ static int ip6_forward_proxy_check(struct sk_buff *skb)
                }
        }
 
+       /*
+        * The proxying router can't forward traffic sent to a link-local
+        * address, so signal the sender and discard the packet. This
+        * behavior is clarified by the MIPv6 specification.
+        */
+       if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
+               dst_link_failure(skb);
+               return -1;
+       }
+
        return 0;
 }
 
@@ -403,8 +413,13 @@ int ip6_forward(struct sk_buff *skb)
        }
 
        if (pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) {
-               if (ip6_forward_proxy_check(skb))
+               int proxied = ip6_forward_proxy_check(skb);
+               if (proxied > 0)
                        return ip6_input(skb);
+               else if (proxied < 0) {
+                       IP6_INC_STATS(IPSTATS_MIB_INDISCARDS);
+                       goto drop;
+               }
        }
 
        if (!xfrm6_route_forward(skb)) {