ipv6: don't let node/interface scoped multicast traffic escape on the wire
authorHannes Frederic Sowa <hannes@stressinduktion.org>
Sun, 10 Feb 2013 02:33:35 +0000 (02:33 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 11 Feb 2013 19:00:54 +0000 (14:00 -0500)
Reported-by: Erik Hugne <erik.hugne@ericsson.com>
Cc: Erik Hugne <erik.hugne@ericsson.com>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/ip6_output.c

index c953825f9098c60418b945e98df9f0b7cc79b175..155eccfa77604fcd63bbeeff1db23ed184082dd6 100644 (file)
@@ -120,6 +120,13 @@ static int ip6_finish_output2(struct sk_buff *skb)
 
                IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
                                skb->len);
+
+               if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <=
+                   IPV6_ADDR_SCOPE_NODELOCAL &&
+                   !(dev->flags & IFF_LOOPBACK)) {
+                       kfree_skb(skb);
+                       return 0;
+               }
        }
 
        rcu_read_lock_bh();
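Review bot: The new drop path in ip6_finish_output2() frees the skb only after `IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST, skb->len)` has counted it, and it returns 0 without touching any discard counter. A suppressed node/interface-local packet is therefore reported as transmitted multicast, with nothing to show an operator why it never reached the wire. Consider running the scope check before the stats update, or adding `IP6_INC_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTDISCARDS);` ahead of `kfree_skb(skb);`. A one-line comment such as `/* RFC 4291: scope <= interface-local must never leave the node */` would also explain the `<=`, which presumably is meant to catch the reserved scope value 0 as well. The function body starts and ends outside the hunk, so whether callers depend on the 0 return for a dropped packet cannot be confirmed from here.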