Drop packets to multicast address whose scop field contains the

reserved value 0. MFC after: 1 week Sponsored by: Yandex LLC
author: ae <ae@FreeBSD.org> 2014-02-13 14:10:44 +0000
committer: ae <ae@FreeBSD.org> 2014-02-13 14:10:44 +0000
commit: 6fb6c5eabc236ca2152b864573603944b349d306 (patch)
tree: 10936399436b9ad72e19c933609b0a0cafeb073a /sys/netinet6/ip6_input.c
parent: 2a976cbc56853664acd2de0046fdb5eded04f60f (diff)
download: FreeBSD-src-6fb6c5eabc236ca2152b864573603944b349d306.zip
FreeBSD-src-6fb6c5eabc236ca2152b864573603944b349d306.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 2aa3177..920b9bb 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -547,7 +547,18 @@ ip6_input(struct mbuf *m)
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
 		goto bad;
 	}
-
+	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
+	    IPV6_ADDR_MC_SCOPE(&ip6->ip6_dst) == 0) {
+		/*
+		 * RFC4291 2.7:
+		 * Nodes must not originate a packet to a multicast address
+		 * whose scop field contains the reserved value 0; if such
+		 * a packet is received, it must be silently dropped.
+		 */
+		IP6STAT_INC(ip6s_badscope);
+		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
+		goto bad;
+	}
 #ifdef ALTQ
 	if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) {
 		/* packet is dropped by traffic conditioner */
author	ae <ae@FreeBSD.org>	2014-02-13 14:10:44 +0000
committer	ae <ae@FreeBSD.org>	2014-02-13 14:10:44 +0000
commit	6fb6c5eabc236ca2152b864573603944b349d306 (patch)
tree	10936399436b9ad72e19c933609b0a0cafeb073a /sys/netinet6/ip6_input.c
parent	2a976cbc56853664acd2de0046fdb5eded04f60f (diff)
download	FreeBSD-src-6fb6c5eabc236ca2152b864573603944b349d306.zip FreeBSD-src-6fb6c5eabc236ca2152b864573603944b349d306.tar.gz