diff options
| author | David S. Miller <davem@davemloft.net> | 2008-04-08 02:33:36 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-04-08 02:33:36 -0700 |
| commit | 8eefca4888c986d993b2571eb31f0397a5d0a178 (patch) | |
| tree | adc659aba0eaaaaa3d33db20d7c759dfc5f0669b /net/ipv6/ndisc.c | |
| parent | 549e028d012fab01e5726943d4afecd0c33d64e6 (diff) | |
| parent | de357cc01334a468e4d5b7ba66a17b0d3ca9d63e (diff) | |
| download | linux-8eefca4888c986d993b2571eb31f0397a5d0a178.tar.gz | |
Merge branch 'net-2.6.26-isatap-20080403' of git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev
Diffstat (limited to 'net/ipv6/ndisc.c')
| -rw-r--r-- | net/ipv6/ndisc.c | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 06d80c6dc5ce..b3295d82fece 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1093,6 +1093,14 @@ static void ndisc_router_discovery(struct sk_buff *skb) return; } +#ifdef CONFIG_IPV6_NDISC_NODETYPE + if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { + ND_PRINTK2(KERN_WARNING + "ICMPv6 RA: from host or unauthorized router\n"); + return; + } +#endif + /* * set the RA_RECV flag in the interface */ @@ -1116,6 +1124,12 @@ static void ndisc_router_discovery(struct sk_buff *skb) return; } +#ifdef CONFIG_IPV6_NDISC_NODETYPE + /* skip link-specific parameters from interior routers */ + if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) + goto skip_linkparms; +#endif + if (in6_dev->if_flags & IF_RS_SENT) { /* * flag that an RA was received after an RS was sent @@ -1230,6 +1244,10 @@ skip_defrtr: } } +#ifdef CONFIG_IPV6_NDISC_NODETYPE +skip_linkparms: +#endif + /* * Process options. */ @@ -1261,7 +1279,13 @@ skip_defrtr: for (p = ndopts.nd_opts_ri; p; p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { - if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) + struct route_info *ri = (struct route_info *)p; +#ifdef CONFIG_IPV6_NDISC_NODETYPE + if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && + ri->prefix_len == 0) + continue; +#endif + if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) continue; rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, &ipv6_hdr(skb)->saddr); @@ -1269,6 +1293,12 @@ skip_defrtr: } #endif +#ifdef CONFIG_IPV6_NDISC_NODETYPE + /* skip link-specific ndopts from interior routers */ + if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) + goto out; +#endif + if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { struct nd_opt_hdr *p; for (p = ndopts.nd_opts_pi; @@ -1332,6 +1362,16 @@ static void ndisc_redirect_rcv(struct sk_buff *skb) int optlen; u8 *lladdr = NULL; +#ifdef CONFIG_IPV6_NDISC_NODETYPE + switch (skb->ndisc_nodetype) { + case NDISC_NODETYPE_HOST: + case NDISC_NODETYPE_NODEFAULT: + ND_PRINTK2(KERN_WARNING + "ICMPv6 Redirect: from host or unauthorized router\n"); + return; + } +#endif + if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { ND_PRINTK2(KERN_WARNING "ICMPv6 Redirect: source address is not link-local.\n"); |