From: Linus Lüssing <linus.luessing@xxxxxx> Date: Tue, 4 Mar 2014 03:57:35 +0100 > MLD queries are supposed to have an IPv6 link-local source address > according to RFC2710, section 4 and RFC3810, section 5.1.14. This patch > adds a sanity check to ignore such broken MLD queries. > > Without this check, such malformed MLD queries can result in a > denial of service: The queries are ignored by any MLD listener > therefore they will not respond with an MLD report. However, > without this patch these malformed MLD queries would enable the > snooping part in the bridge code, potentially shutting down the > according ports towards these hosts for multicast traffic as the > bridge did not learn about these listeners. > > Reported-by: Jan Stancek <jstancek@xxxxxxxxxx> > Signed-off-by: Linus Lüssing <linus.luessing@xxxxxx> Applied.
