ipv6: don't let node/interface scoped multicast traffic escape on the wire

Reported-by: Erik Hugne <erik.hugne@ericsson.com> Cc: Erik Hugne <erik.hugne@ericsson.com> Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Hannes Frederic Sowa <hannes@stressinduktion.org> 2013-02-10 02:33:35 +0000
committer: David S. Miller <davem@davemloft.net> 2013-02-11 14:00:54 -0500
commit: dd40851521361e07c1f61e79cca941a63ad311bc (patch)
tree: 65a46a983bf53caff192d6735b85b96eb5a45c34 /net
parent: 65ab999da808f72e3fe82be8f7d35050d3126005 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index c953825f9098..155eccfa7760 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -120,6 +120,13 @@ static int ip6_finish_output2(struct sk_buff *skb)
 
 		IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
 				skb->len);
+
+		if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
+		    IPV6_ADDR_SCOPE_NODELOCAL &&
+		    !(dev->flags & IFF_LOOPBACK)) {
+			kfree_skb(skb);
+			return 0;
+		}
 	}
 
 	rcu_read_lock_bh();
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	2013-02-10 02:33:35 +0000
committer	David S. Miller <davem@davemloft.net>	2013-02-11 14:00:54 -0500
commit	dd40851521361e07c1f61e79cca941a63ad311bc (patch)
tree	65a46a983bf53caff192d6735b85b96eb5a45c34 /net
parent	65ab999da808f72e3fe82be8f7d35050d3126005 (diff)