On Fri, 2017-04-14 at 20:22 +0200, Florian Westphal wrote: > We lack a saddr check for ::1. This causes security issues e.g. with acls > permitting connections from ::1 because of assumption that these originate > from local machine. > > Assuming a source address of ::1 is local seems reasonable. > RFC4291 doesn't allow such a source address either, so drop such packets. > > Reported-by: Eric Dumazet <eduma...@google.com> > Signed-off-by: Florian Westphal <f...@strlen.de> > --- > net/ipv6/ip6_input.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-)
Acked-by: Eric Dumazet <eduma...@google.com>
