+static int rt6_validate_source( struct sk_buff *skb) {
+ struct rt6_info *rt;
+ rt=rt6_lookup(&skb->nh.ipv6h->saddr,NULL,0,0);
+ if ( rt!=NULL ) {
+ if (rt->rt6i_idev->dev == skb->dev )
+ return 0;
Before comparing incoming interface, one could check rt->dst->error. I
think the release of rt->dst is missing too.
> + if (ipv6_devconf.rp_filter & idev->cnf.rp_filter ) {
> + if (rt6_validate_source(skb)<0) {
> + printk(KERN_WARNING "RP_FILTER-- Packet refused from \
> %x:%x:%x:%x:%x:%x:%x:%x to %x:%x:%x:%x:%x:%x:%x:%x from \
>
%s\n",NIP6(skb->nh.ipv6h->saddr),NIP6(skb->nh.ipv6h->daddr),skb->dev->name);
You should rate limit this message with LIMIT_NETDEBUG macro. Or define
a "rp_filter_log" flag in inet6_dev.
The name of both interfaces may be useful. Something like "RPF: packet
%x:%x:%x:%x:%x:%x:%x:%x received on %s, expected on %s". But it requires
to move the log into rt6_validate_source().
Regards,
Jean-Mickael
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
