From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 4 Oct 2019 08:39:26 +0000 (+0200)
Subject: kernel-netlink: Don't enumerate deprecated IPv6 addresses
X-Git-Tag: 5.8.2dr2~21^2~1
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=64795cc4169df00e572455b92d0a7b450f645074;p=thirdparty%2Fstrongswan.git

kernel-netlink: Don't enumerate deprecated IPv6 addresses
---

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index c22e379628..165fb42d13 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1603,8 +1603,9 @@ CALLBACK(filter_addresses, bool,
 		{	/* address is regular, but not requested */
 			continue;
 		}
-		if (addr->scope >= RT_SCOPE_LINK)
-		{	/* skip addresses with a unusable scope */
+		if (addr->flags & IFA_F_DEPRECATED ||
+			addr->scope >= RT_SCOPE_LINK)
+		{	/* skip deprecated addresses or those with an unusable scope */
 			continue;
 		}
 		*out = addr->ip;