From: Johannes Berg <johannes.berg@xxxxxxxxx> RFC 1122 says that unicast packets encapsulated in broadcast link-layer packets should be dropped. Implement that, but also extend it to link-layer multicast packets. Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> --- net/ipv4/route.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index eaa4b000c7b4..c374fcc73ee0 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1710,6 +1710,23 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, goto no_route; } + /* RFC 1122 3.3.6: + * + * When a host sends a datagram to a link-layer broadcast address, + * the IP destination address MUST be a legal IP broadcast or IP + * multicast address. + * + * A host SHOULD silently discard a datagram that is received via + * a link-layer broadcast (see Section 2.4) but does not specify + * an IP multicast or broadcast destination address. + * + * We also do this for link-layer multicast. + */ + if ((skb->pkt_type == PACKET_BROADCAST || + skb->pkt_type == PACKET_MULTICAST) && + res.type != RTN_BROADCAST) + goto e_inval; + if (res.type == RTN_BROADCAST) goto brd_input; -- 2.0.0 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
