On Sat, 27 Oct 2018 12:07:47 +0300 Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx> wrote:

> Recently a check was added which prevents marking of routers with zero
> source address, but for IPv6 that cannot happen as the relevant RFCs
> actually forbid such packets:
> RFC 2710 (MLDv1):
> "To be valid, the Query message MUST
> come from a link-local IPv6 Source Address, be at least 24 octets
> long, and have a correct MLD checksum."
>
> Same goes for RFC 3810.
>
> And also it can be seen as a requirement in ipv6_mc_check_mld_query()
> which is used by the bridge to validate the message before processing
> it. Thus any queries with :: source address won't be processed anyway.
> So just remove the check for zero IPv6 source address from the query
> processing function.
>
> Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0")
> Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx>

What about a broken/malicious sender? Could an all zero source be used to
poison the multicast table?
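
Added example, not part of the original message and not the kernel's ipv6_mc_check_mld_query(): a userspace sketch of the three RFC 2710 validity conditions quoted above, run against a constructed General Query sent from fe80::1 and from ::. All function and constant names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { MLD_QUERY = 130, MLD_MIN_LEN = 24, NEXTHDR_ICMPV6 = 58 };
const uint8_t SRC_LINK_LOCAL[16] = { 0xfe, 0x80, [15] = 0x01 };  /* fe80::1 */
const uint8_t SRC_UNSPECIFIED[16] = { 0 };                        /* :: */

/* One's-complement accumulation over big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += (uint32_t)(p[0] << 8 | p[1]);
    return n ? acc + ((uint32_t)p[0] << 8) : acc;
}

/* ICMPv6 checksum over the IPv6 pseudo-header plus the message. */
uint16_t mld_checksum(const uint8_t *src, const uint8_t *dst, const uint8_t *msg, size_t len)
{
    uint32_t acc = sum16(msg, len, sum16(dst, 16, sum16(src, 16, 0)));
    acc += (uint32_t)(len >> 16) + (uint32_t)(len & 0xffff) + NEXTHDR_ICMPV6;
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* The three RFC 2710 conditions quoted above; returns 1 only if all hold. */
int mld_query_valid(const uint8_t *src, const uint8_t *dst, const uint8_t *msg, size_t len)
{
    /* Too short, wrong ICMPv6 type, or source outside fe80::/10 (as :: is). */
    if (len < MLD_MIN_LEN || msg[0] != MLD_QUERY || src[0] != 0xfe || (src[1] & 0xc0) != 0x80)
        return 0;
    return mld_checksum(src, dst, msg, len) == 0;   /* an intact message sums to zero */
}

/* Constructed sample: 24-octet General Query to ff02::1; len must be <= MLD_MIN_LEN. */
int sample_query_valid(const uint8_t *src, size_t len, int corrupt)
{
    const uint8_t dst[16] = { 0xff, 0x02, [15] = 0x01 };
    uint8_t msg[MLD_MIN_LEN] = { MLD_QUERY, 0, 0, 0, 0x27, 0x10 };  /* max delay 10000 ms */
    uint16_t csum = mld_checksum(src, dst, msg, sizeof msg);
    msg[2] = (uint8_t)(csum >> 8);
    msg[3] = (uint8_t)((csum & 0xff) ^ (corrupt ? 1 : 0));  /* corrupt flips one bit */
    return mld_query_valid(src, dst, msg, len);
}

int main(void)
{
    printf("fe80::1 -> %d, :: -> %d\n", sample_query_valid(SRC_LINK_LOCAL, 24, 0), sample_query_valid(SRC_UNSPECIFIED, 24, 0));
    return 0;
}
```

The :: query carries a checksum that is correct for its own pseudo-header, so it is rejected on the source-address condition alone.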