From: Thomas Graf <tgraf@redhat.com> Date: Fri, 18 Jan 2008 15:58:55 +0100 Subject: [net] IPv6 TAHI RH0 RFC5095 update Message-id: 20080118145855.GA9906@deb O-Subject: [RHEL5.2 PATCH] BZ426904: IPv6 TAHI RH0 RFC5095 update Bugzilla: 426904 The original fix for the RH0 security issues broke some IPv6 semantics and the TAHI test failed. Instead of silently dropping RH0 messages, an icmp error message must be sent back in order to conform to the standards and pass the TAHI tests. The patch has been run on the TAHI testsuite, results can be found here: http://focus.brisbane.redhat.com/~zwu/RHEL5.1-Server-20071017.0/20080118/Self_Test_1-5-0b2/spec.p2/39.html Please ACK. Acked-by: "David S. Miller" <davem@redhat.com> diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 2b2cd28..baefe8e 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -241,20 +241,6 @@ static int ipv6_rthdr_rcv(struct sk_buff **skbp) hdr = (struct ipv6_rt_hdr *) skb->h.raw; - switch (hdr->type) { - case IPV6_SRCRT_TYPE_0: - /* Completely disallow routing header type 0 for now, it can be - * made conditional at a later point if needed. Even though the - * code is non functional at the moment, it is left intact to - * allow backporting Mobile IPv6 later on. */ - kfree_skb(skb); - return -1; - default: - IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS); - icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw); - return -1; - } - if (ipv6_addr_is_multicast(&skb->nh.ipv6h->daddr) || skb->pkt_type != PACKET_HOST) { IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), @@ -274,6 +260,12 @@ looped_back: return 1; } + /* Disallow rthdr until MIP6 code is back ported. */ + IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS); + icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, + (&hdr->type) - skb->nh.raw); + return -1; + if (hdr->hdrlen & 0x01) { IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS); icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->hdrlen) - skb->nh.raw);