projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 65ab999)
ipv6: don't let node/interface scoped multicast traffic escape on the wire
authorHannes Frederic Sowa <[email protected]>
Sun, 10 Feb 2013 02:33:35 +0000 (02:33 +0000)
committerDavid S. Miller <[email protected]>
Mon, 11 Feb 2013 19:00:54 +0000 (14:00 -0500)
Reported-by: Erik Hugne <[email protected]>
Cc: Erik Hugne <[email protected]>
Cc: YOSHIFUJI Hideaki <[email protected]>
Signed-off-by: Hannes Frederic Sowa <[email protected]>
Acked-by: YOSHIFUJI Hideaki <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
net/ipv6/ip6_output.c patch | blob | history

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index c953825f9098c60418b945e98df9f0b7cc79b175..155eccfa77604fcd63bbeeff1db23ed184082dd6 100644 (file)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -120,6 +120,13 @@ static int ip6_finish_output2(struct sk_buff *skb)
 
                IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
                                skb->len);
+
+               if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
+                   IPV6_ADDR_SCOPE_NODELOCAL &&
+                   !(dev->flags & IFF_LOOPBACK)) {
+                       kfree_skb(skb);
+                       return 0;
+               }
        }
 
        rcu_read_lock_bh();
John Crispins staging tree