[cmaster-next] [PATCH 2/3] ldpd: remove security check to allow operation on unnumbered interfaces
Renato Westphal
renato at opensourcerouting.org
Mon Dec 12 17:31:32 EST 2016
Signed-off-by: Renato Westphal <renato at opensourcerouting.org>
---
ldpd/packet.c | 39 ++++++---------------------------------
1 file changed, 6 insertions(+), 33 deletions(-)
diff --git a/ldpd/packet.c b/ldpd/packet.c
index ad78181..b472551 100644
--- a/ldpd/packet.c
+++ b/ldpd/packet.c
@@ -297,41 +297,14 @@ disc_find_iface(unsigned int ifindex, int af, union ldpd_addr *src,
return (NULL);
/*
- * For unicast packets, we just need to make sure that the interface
- * is enabled for the given address-family.
+ * RFC 7552 - Section 5.1:
+ * "Link-local IPv6 address MUST be used as the source IP address in
+ * IPv6 LDP Link Hellos".
*/
- if (!multicast)
- return (iface);
-
- switch (af) {
- case AF_INET:
- LIST_FOREACH(if_addr, &iface->addr_list, entry) {
- if (if_addr->af != AF_INET)
- continue;
-
- switch (iface->type) {
- case IF_TYPE_POINTOPOINT:
- if (if_addr->dstbrd.v4.s_addr == src->v4.s_addr)
- return (iface);
- break;
- default:
- mask = prefixlen2mask(if_addr->prefixlen);
- if ((if_addr->addr.v4.s_addr & mask) ==
- (src->v4.s_addr & mask))
- return (iface);
- break;
- }
- }
- break;
- case AF_INET6:
- if (IN6_IS_ADDR_LINKLOCAL(&src->v6))
- return (iface);
- break;
- default:
- fatalx("disc_find_iface: unknown af");
- }
+ if (multicast && af == AF_INET6 && !IN6_IS_ADDR_LINKLOCAL(&src->v6))
+ return (NULL);
- return (NULL);
+ return (iface);
}
int
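Review bot: The new tail of disc_find_iface() accepts an IPv4 multicast Hello from any source address, because the only remaining source test is the IPv6 link-local one, and the new comment does not record that the IPv4 connected-prefix / point-to-point peer match was dropped on purpose. I would state the trade-off next to the check, e.g. `/* IPv4 Hello sources are intentionally not matched against iface->addr_list, so that unnumbered links work; adjacency filtering must come from elsewhere (e.g. session authentication or an ACL). */`, and consider keeping the prefix match for interfaces that do have a usable IPv4 prefix. The removed `default: fatalx("disc_find_iface: unknown af")` also means an unexpected `af` now returns `iface`, unless it is rejected earlier in the function, which starts outside this hunk. The `if_addr` and `mask` locals appear to have no remaining users in the lines shown, so their declarations can probably be deleted as well.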
--
1.9.1