android_kernel_xiaomi_sm8350/net/ipv6
Li Yewang 29556526b9 [IPV6]: fix BUG of ndisc_send_redirect()
When I tested IPv6 redirect function about kernel 2.6.19.1, and found
that the kernel can send redirect packets whose target address is global
address, and the target is not the actual endpoint of communication.

  But the criteria conform to RFC2461, the target address defines as
following:

  Target Address An IP address that is a better first hop to use for
                 he ICMP Destination Address.  When the target is
                 the actual endpoint of communication, i.e., the
                 destination is a neighbor, the Target Address field
                 MUST contain the same value as the ICMP Destination
                 Address field.  Otherwise the target is a better
                 first-hop router and the Target Address MUST be the
                 router's link-local address so that hosts can
                 uniquely identify routers.

According to this definition, when a router redirect to a host, the
target address either the better first-hop router's link-local address
or the same as the ICMP destination address field. But the function of
ndisc_send_redirect() in net/ipv6/ndisc.c, does not check the target
address correctly.

There is another definition about receive Redirect message in RFC2461:

8.1.  Validation of Redirect Messages

   A host MUST silently discard any received Redirect message that does
   not satisfy all of the following validity checks:
   ......
   - The ICMP Target Address is either a link-local address (when
     redirected to a router) or the same as the ICMP Destination
     Address (when redirected to the on-link destination).
   ......

And the receive redirect function of ndisc_redirect_rcv() implemented
this definition, checks the target address correctly.
    if (ipv6_addr_equal(dest, target)) {
        on_link = 1;
    } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
        ND_PRINTK2(KERN_WARNING
               "ICMPv6 Redirect: target address is not link-local.\n");
        return;
    }

So, I think the send redirect function must check the target address
also.

Signed-off-by: Li Yewang <lyw@nanjing-fnst.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-30 14:33:20 -08:00
..
netfilter [NETFILTER]: nf_conntrack_ipv6: fix crash when handling fragments 2007-01-09 14:32:41 -08:00
addrconf.c [IPV6]: Fix up some CONFIG typos 2007-01-30 14:30:10 -08:00
af_inet6.c [INET]: style updates for the inet_sock->is_icsk assignment fix 2007-01-09 14:37:06 -08:00
ah6.c [IPV6]: Use kmemdup 2006-12-02 21:23:58 -08:00
anycast.c [IPV6] ADDRCONF: Convert addrconf_lock to RCU. 2006-09-22 15:20:26 -07:00
datagram.c [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
esp6.c [IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian 2006-12-02 21:21:12 -08:00
exthdrs_core.c [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
exthdrs.c [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
fib6_rules.c [IPv6] rules: Remove bogus tos validation check 2006-12-02 21:22:12 -08:00
icmp.c [NET]: Annotate callers of the reset of checksum.h stuff. 2006-12-02 21:23:34 -08:00
inet6_connection_sock.c [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.c [IPV6]: annotate inet6_hashtables 2006-12-02 21:21:10 -08:00
ip6_fib.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
ip6_flowlabel.c [IPV6]: flowlabels are net-endian 2006-12-02 21:21:21 -08:00
ip6_input.c [IPV6]: Per-interface statistics support. 2006-12-02 21:22:08 -08:00
ip6_output.c [NET]: Convert hh_lock to seqlock. 2006-12-08 17:19:20 -08:00
ip6_tunnel.c [IPV6]: Improve IPv6 tunnel error reporting 2006-12-02 21:30:27 -08:00
ipcomp6.c [IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian 2006-12-02 21:21:12 -08:00
ipv6_sockglue.c [IPV6]: Fix IPV6_UNICAST_HOPS getsockopt(). 2006-12-13 16:48:25 -08:00
ipv6_syms.c [IPV6] ADDRCONF: Convert addrconf_lock to RCU. 2006-09-22 15:20:26 -07:00
Kconfig [NET]: Rethink mark field in struct flowi 2006-12-02 21:21:39 -08:00
Makefile [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
mcast.c [IPV6] MCAST: Fix joining all-node multicast group on device initialization. 2007-01-23 20:25:40 -08:00
mip6.c [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
ndisc.c [IPV6]: fix BUG of ndisc_send_redirect() 2007-01-30 14:33:20 -08:00
netfilter.c [NET]: Annotate __skb_checksum_complete() and friends. 2006-12-02 21:23:38 -08:00
proc.c [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
protocol.c
raw.c [IPV6] RAW: Don't release unlocked sock. 2006-12-06 18:39:09 -08:00
reassembly.c [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
route.c [IPV6]: Fixed the size of the netlink message notified by inet6_rt_notify(). 2007-01-23 22:09:41 -08:00
sit.c [IPV6] net/ipv6/sit.c: make 2 functions static 2006-12-02 21:26:15 -08:00
sysctl_net_ipv6.c
tcp_ipv6.c [TCP]: Fix warnings with TCP_MD5SIG disabled. 2006-12-02 21:31:52 -08:00
tunnel6.c [IPV6]: 'info' argument of ipv6 ->err_handler() is net-endian 2006-12-02 21:21:12 -08:00
udp_impl.h [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
udp.c [UDP(-Lite)]: consolidate v4 and v6 get|setsockopt code 2006-12-02 21:30:45 -08:00
udplite.c [NET]: Possible cleanups. 2006-12-02 21:31:51 -08:00
xfrm6_input.c [XFRM]: xrfm_replay_check() annotations 2006-09-28 18:02:40 -07:00
xfrm6_mode_beet.c [XFRM]: BEET mode 2006-10-04 00:31:09 -07:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
xfrm6_state.c [XFRM]: ports in struct xfrm_selector annotated 2006-09-28 18:02:33 -07:00
xfrm6_tunnel.c [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00