summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVille Nuorvala <vnuorval@tcs.hut.fi>2006-09-23 01:42:18 +0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-23 02:20:22 +0400
commit74553b09dcd9194cbda737016f0b89f245145670 (patch)
tree75c131a859fa6152dd62913617bc8225f54c5b93
parente21e0b5f19ac7835a244c2016f7ed726f971b3e9 (diff)
downloadlinux-74553b09dcd9194cbda737016f0b89f245145670.tar.xz
[IPV6]: Don't forward packets to proxied link-local address.
Proxying router can't forward traffic sent to link-local address, so signal the sender and discard the packet. This behavior is clarified by Mobile IPv6 specification (RFC3775) but might be required for all proxying router. Based on MIPL2 kernel patch. Signed-off-by: Ville Nuorvala <vnuorval@tcs.hut.fi> Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
-rw-r--r--net/ipv6/ip6_output.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 0f56e9e69a8f..b2be749d2217 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -345,6 +345,16 @@ static int ip6_forward_proxy_check(struct sk_buff *skb)
}
}
+ /*
+ * The proxying router can't forward traffic sent to a link-local
+ * address, so signal the sender and discard the packet. This
+ * behavior is clarified by the MIPv6 specification.
+ */
+ if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL) {
+ dst_link_failure(skb);
+ return -1;
+ }
+
return 0;
}
@@ -403,8 +413,13 @@ int ip6_forward(struct sk_buff *skb)
}
if (pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) {
- if (ip6_forward_proxy_check(skb))
+ int proxied = ip6_forward_proxy_check(skb);
+ if (proxied > 0)
return ip6_input(skb);
+ else if (proxied < 0) {
+ IP6_INC_STATS(IPSTATS_MIB_INDISCARDS);
+ goto drop;
+ }
}
if (!xfrm6_route_forward(skb)) {