On Fri, Apr 22, 2022 at 07:40:17PM +0200, Alexandr Nedvedicky wrote:
> > + case IPPROTO_ICMPV6:
> > + if (!pf_pull_hdr(pd->m, pd->off, &icmp6, sizeof(icmp6),
> > + NULL, reason, AF_INET6)) {
> > + DPFPRINTF(LOG_NOTICE, "IPv6 short icmp6hdr");
> > + return (PF_DROP);
> > + }
> > + /* ICMP multicast packets have router alert options */
> > + switch (icmp6.icmp6_type) {
> > + case MLD_LISTENER_QUERY:
> > + case MLD_LISTENER_REPORT:
> > + case MLD_LISTENER_DONE:
>
> I wonder if we should have a similar check we have for IPv4 address,
> where we require a multicast address. for example in case of
> MLD_LISTENER_QUERY the packet destination address should be fe80::/10.
> I need to look at RFCs more closely first. Just asking in case someone
> else
> knows from top of the head.
Where do we check multicast adddress for IPv4? At this point we
are just comparing protocol and IP options. I would not make it
more complex, so I will not add multicast adddress checks here.
bluhm
