[cmaster-next] [PATCH 2/3] ldpd: remove security check to allow operation on unnumbered interfaces

Renato Westphal renato at opensourcerouting.org
Mon Dec 12 17:31:32 EST 2016


Signed-off-by: Renato Westphal <renato at opensourcerouting.org>
---
 ldpd/packet.c | 39 ++++++---------------------------------
 1 file changed, 6 insertions(+), 33 deletions(-)

diff --git a/ldpd/packet.c b/ldpd/packet.c
index ad78181..b472551 100644
--- a/ldpd/packet.c
+++ b/ldpd/packet.c
@@ -297,41 +297,14 @@ disc_find_iface(unsigned int ifindex, int af, union ldpd_addr *src,
 		return (NULL);
 
 	/*
-	 * For unicast packets, we just need to make sure that the interface
-	 * is enabled for the given address-family.
+	 * RFC 7552 - Section 5.1:
+	 * "Link-local IPv6 address MUST be used as the source IP address in
+	 * IPv6 LDP Link Hellos".
 	 */
-	if (!multicast)
-		return (iface);
-
-	switch (af) {
-	case AF_INET:
-		LIST_FOREACH(if_addr, &iface->addr_list, entry) {
-			if (if_addr->af != AF_INET)
-				continue;
-
-			switch (iface->type) {
-			case IF_TYPE_POINTOPOINT:
-				if (if_addr->dstbrd.v4.s_addr == src->v4.s_addr)
-					return (iface);
-				break;
-			default:
-				mask = prefixlen2mask(if_addr->prefixlen);
-				if ((if_addr->addr.v4.s_addr & mask) ==
-				    (src->v4.s_addr & mask))
-					return (iface);
-				break;
-			}
-		}
-		break;
-	case AF_INET6:
-		if (IN6_IS_ADDR_LINKLOCAL(&src->v6))
-			return (iface);
-		break;
-	default:
-		fatalx("disc_find_iface: unknown af");
-	}
+	if (multicast && af == AF_INET6 && !IN6_IS_ADDR_LINKLOCAL(&src->v6))
+		return (NULL);
 
-	return (NULL);
+	return (iface);
 }
 
 int
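Review bot: After this change an IPv4 multicast hello is accepted from any source address, and the new comment above the remaining check documents only the IPv6 rule, so a reader cannot tell that dropping the IPv4 on-link check was deliberate. I would extend that comment with something like `IPv4: the source is not matched against the interface's subnets, so that hellos are accepted on unnumbered interfaces`, and state in the commit message what still limits who can form a hello adjacency; this hunk shows no other check, so any TTL or per-interface validation would have to live elsewhere. The removed `default: fatalx("disc_find_iface: unknown af");` also means an unexpected `af` now falls through to `return (iface);`. The declarations of `if_addr` and `mask` are outside the hunk, but the diffstat shows no deletions beyond this hunk, so they are probably left unused and should be dropped. disc_find_iface begins above the hunk, so the earlier checks in it are not visible here.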
-- 
1.9.1




