From: Tom Gundersen <teg@jklm.no>
Date: Thu, 19 Nov 2015 00:23:24 +0000 (+0100)
Subject: sd-ndisc: drop RA packets from non-link-local addresses
X-Git-Tag: v229~310^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3ccd316353532ff60326e91153677c308c032ecb;p=thirdparty%2Fsystemd.git

sd-ndisc: drop RA packets from non-link-local addresses

See https://tools.ietf.org/html/rfc4861#section-4.2. Some routers (dnsmasq) will send packets
from global addresses, which would break the default route setup, so ignore those.

This is also what the kernel does.
---

diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
index 6703d87bc41..3bb06f68924 100644
--- a/src/libsystemd-network/sd-ndisc.c
+++ b/src/libsystemd-network/sd-ndisc.c
@@ -508,6 +508,9 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
                 return 0;
         }
 
+        if (!in_addr_is_link_local(AF_INET6, (const union in_addr_union*) &router.in6.sin6_addr))
+                return 0;
+
         if (ra->nd_ra_type != ND_ROUTER_ADVERT)
                 return 0;