diff options
| author | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2012-11-24 10:39:50 +0900 |
|---|---|---|
| committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2012-11-25 15:19:09 +0900 |
| commit | 0ae42139342f47a5a62977346f095fd94e1508c2 (patch) | |
| tree | db09f276e2f52baf44bdbf5de2cbff7ca13002a2 /ninfod | |
| parent | 761025d719c444f030bef422654235aebe984670 (diff) | |
| download | iputils-0ae42139342f47a5a62977346f095fd94e1508c2.tar.gz | |
ninfod: Discard multicat packet outside linklocal scope.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Diffstat (limited to 'ninfod')
| -rw-r--r-- | ninfod/ninfod.h | 1 | ||||
| -rw-r--r-- | ninfod/ninfod_core.c | 25 | ||||
| -rw-r--r-- | ninfod/ninfod_name.c | 6 |
3 files changed, 32 insertions, 0 deletions
diff --git a/ninfod/ninfod.h b/ninfod/ninfod.h index d0c1779..feda4fa 100644 --- a/ninfod/ninfod.h +++ b/ninfod/ninfod.h @@ -130,6 +130,7 @@ void init_nodeinfo_ipv4addr(INIT_ARGS); int pr_nodeinfo_ipv4addr(CHECKANDFILL_ARGS); /* ninfod_name.c */ +int check_nigroup(const struct in6_addr *addr); void init_nodeinfo_nodename(INIT_ARGS); int pr_nodeinfo_nodename(CHECKANDFILL_ARGS); diff --git a/ninfod/ninfod_core.c b/ninfod/ninfod_core.c index 5cc4f9f..4a81531 100644 --- a/ninfod/ninfod_core.c +++ b/ninfod/ninfod_core.c @@ -503,6 +503,31 @@ int pr_nodeinfo(struct packetcontext *p) pthread_t thread; #endif + /* Step 0: Check destination address + * discard non-linklocal multicast + * discard non-nigroup multicast address(?) + */ + if (IN6_IS_ADDR_MULTICAST(&p->pktinfo.ipi6_addr)) { + if (!IN6_IS_ADDR_MC_LINKLOCAL(&p->pktinfo.ipi6_addr)) { + DEBUG(LOG_WARNING, + "Destination is non-link-local multicast address.\n"); + ni_free(p); + return -1; + } +#if 0 + /* Do not discard NI Queries to multicast address + * other than its own NI Group Address(es) by default. + */ + if (!check_nigroup(&p->pktinfo.ipi6_addr)) { + DEBUG(LOG_WARNING, + "Destination is link-local multicast address other than " + "NI Group address.\n"); + ni_free(p); + return -1; + } +#endif + } + /* Step 1: Check length */ if (p->querylen < sizeof(struct icmp6_nodeinfo)) { DEBUG(LOG_WARNING, "Query too short\n"); diff --git a/ninfod/ninfod_name.c b/ninfod/ninfod_name.c index 3401ffe..c6e7c4a 100644 --- a/ninfod/ninfod_name.c +++ b/ninfod/ninfod_name.c @@ -142,6 +142,12 @@ static struct ipv6_mreq nigroup; /* ---------- */ /* Functions */ +int check_nigroup(const struct in6_addr *addr) +{ + return IN6_IS_ADDR_MULTICAST(&nigroup.ipv6mr_multiaddr) && + IN6_ARE_ADDR_EQUAL(&nigroup.ipv6mr_multiaddr, addr); +} + static int encode_dnsname(const char *name, char *buf, size_t buflen, int fqdn) |