From: YOSHIFUJI Hideaki <[EMAIL PROTECTED]>
Date: Thu, 10 Aug 2006 17:46:35 +0900 (JST)

> Hello.
>
> In article <[EMAIL PROTECTED]> (at Thu, 10 Aug 2006 00:37:14 +0300), Ville
> Nuorvala <[EMAIL PROTECTED]> says:
>
> > >> commit e0ad64d5b44179ea1296d737dec23279c72c9636 > > >> Author: YOSHIFUJI Hideaki <[EMAIL PROTECTED]> > > >> Date: Wed Aug 9 17:08:33 2006 +0900 > > >> > > >> [IPV6] NDISC: Allow redirects from other interfaces if it is not > > >> strict. > > >> > > >> Signed-off-by: YOSHIFUJI Hideaki <[EMAIL PROTECTED]> > > >> > > >> diff --git a/net/ipv6/route.c b/net/ipv6/route.c > > >> index 4650787..1698fec 100644 > > >> --- a/net/ipv6/route.c > > >> +++ b/net/ipv6/route.c > > >> @@ -1322,7 +1322,7 @@ restart: > > >> continue; > > >> if (!(rt->rt6i_flags & RTF_GATEWAY)) > > >> continue; > > >> - if (fl->oif != rt->rt6i_dev->ifindex) > > >> + if ((flags & RT6_F_STRICT) && fl->oif != > > >> rt->rt6i_dev->ifindex) > > >> continue; > > >> if (!ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway)) > > >> continue; > > >>
> > >
> > > Is this absolutely safe? Doesn't this enable a malicious node on another
> > > link to make a bogus redirect if it uses same link-local source address
> > > as the real router on the other link. Keep in mind that the RT6_F_STRICT
> > > flag is set based on the destination of the original redirected packet
> > > and doesn't in any way depend on the router or source address.
> :
>
> Ah, you're right. I'll drop this.

Ok, I integrated all of these changes, dropping this RT6_F_STRICT changeset, and integrating all of Ville's sign offs and ACKs. It is all in the net-2.6.19 tree, thanks a lot. I will start to review the MIPV6 patches next.
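
Review bot: In the `@@ -1322,7 +1322,7 @@ restart:` hunk of net/ipv6/route.c, the new condition `(flags & RT6_F_STRICT) && fl->oif != rt->rt6i_dev->ifindex` skips the interface match whenever RT6_F_STRICT is clear, so the only remaining tie between the redirect and the route entry is the gateway comparison in `ipv6_addr_equal(&rdfl->gateway, &rt->rt6i_gateway)`. As raised in the thread, a node on another link can use the same link-local source address as the real router, and RT6_F_STRICT is set from the destination of the redirected packet rather than from the router or source address, so this gate does not restrict which sender's redirect is accepted. Suggest keeping the unconditional `fl->oif != rt->rt6i_dev->ifindex` check. If redirects from other interfaces are still wanted, the relaxation should be keyed to the gateway or the receiving interface rather than to the destination-derived flag, and the commit message should say why that case is safe, since the current one-line description gives no rationale.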