Looks like there is this test already: if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <= IPV6_ADDR_SCOPE_NODELOCAL && !(dev->flags & IFF_LOOPBACK)) { kfree_skb(skb); return 0; } On Tue, May 2, 2017 at 9:59 PM, David Miller <davem@xxxxxxxxxxxxx> wrote: > From: Donatas Abraitis <donatas.abraitis@xxxxxxxxx> > Date: Thu, 27 Apr 2017 10:12:02 +0300 > >> RFC4291 2.7 Routers must not forward any multicast packets >> beyond of the scope indicated by the scop field in the >> destination multicast address. >> >> Signed-off-by: Donatas Abraitis <donatas.abraitis@xxxxxxxxx> > > I think it's a ">=" test which is needed here, not pure equality. > Scopes are subsets of other scopes and are therefore allowed within > eachother. > > Did you actually see misbehavior due to this issue, or see a real > bonafide conformance test fail? > > If you're just reading the RFC and sticking tests here and there based > upon what you read, without any testing or real life verification of > the issue, this is _strongly_ discouraged. > > It would even be ok if you merely showed how another open source > networking stack makes this test. -- Donatas