ipv6: sr: enforce IPv6 packets for seg6local lwt

This patch ensures that the seg6local lightweight tunnel is used solely
with IPv6 routes and processes only IPv6 packets.

Signed-off-by: David Lebrun <david.lebrun@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c
index 609b94e970de2015c2078b217a3875e2c47ef8d8..c6263256fcf640b4a61ec80f831d64bac94645a3 100644 (file)
--- a/net/ipv6/seg6_local.c
+++ b/net/ipv6/seg6_local.c
@@ -357,6 +357,11 @@ static int seg6_local_input(struct sk_buff *skb)
        struct seg6_action_desc *desc;
        struct seg6_local_lwt *slwt;
 
+       if (skb->protocol != htons(ETH_P_IPV6)) {
+               kfree_skb(skb);
+               return -EINVAL;
+       }
+
        slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
        desc = slwt->desc;
 
@@ -623,6 +628,9 @@ static int seg6_local_build_state(struct nlattr *nla, unsigned int family,
        struct seg6_local_lwt *slwt;
        int err;
 
+       if (family != AF_INET6)
+               return -EINVAL;
+
        err = nla_parse_nested(tb, SEG6_LOCAL_MAX, nla, seg6_local_policy,
                               extack);