From: Thomas Graf <tgraf@redhat.com>
Date: Tue, 31 Mar 2009 17:16:19 +0200
Subject: [net] skip redirect msg if target addr is not link-local
Message-id: 20090331151619.GA17811@plip.localdomain
O-Subject: [RHEL5.4 PATCH] net: dont send redirect msg if target address is not link-local
Bugzilla: 481209
RH-Acked-by: Neil Horman <nhorman@redhat.com>
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>
RH-Acked-by: David Miller <davem@redhat.com>

Hey all -

Current RHEL5 kernel sends redirect messages even though the target address
is not a link local unicast address. As per RFC2461:

	the redirect packet's Target Address defines as following:
	An IP address that is a better first hop to use for
	the ICMP Destination Address.  When the target is
	the actual endpoint of communication, i.e., the
	destination is a neighbor, the Target Address field
	MUST contain the same value as the ICMP Destination
	Address field.  Otherwise the target is a better
	first-hop router and the Target Address MUST be the
	router's link-local address so that hosts can
	uniquely identify routers.

Based on upstream commits:
29556526b970c2e7d4ca808b6082c33981adfdff
bf0b48dfc368c07c42b5a3a5658c8ee81b4283ac

Please ACK.

diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 850b890..c16e097 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1423,6 +1423,13 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
  		return;
  	}
 
+	if (!ipv6_addr_equal(&skb->nh.ipv6h->daddr, target) &&
+	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
+		ND_PRINTK2(KERN_WARNING
+			"ICMPv6 Redirect: target address is not link-local unicast.\n");
+		return;
+	}
+
 	ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr,
 			dev->ifindex);