From e885fc278c72d3bd094de40d705ba284a4a41c46 Mon Sep 17 00:00:00 2001
From: Renato Westphal
Date: Mon, 12 Dec 2016 18:26:04 -0200
Subject: ldpd: remove security check to allow operation on unnumbered interfaces
Signed-off-by: Renato Westphal
(cherry picked from commit f25ccbd060a2086678f8608cafc5c5a2a2cf964a)
---
 ldpd/packet.c | 41 ++++++-----------------------------------
 1 file changed, 6 insertions(+), 35 deletions(-)
(limited to 'ldpd')
diff --git a/ldpd/packet.c b/ldpd/packet.c
index ad7818131..be5ed8072 100644
--- a/ldpd/packet.c
+++ b/ldpd/packet.c
@@ -285,8 +285,6 @@ disc_find_iface(unsigned int ifindex, int af, union ldpd_addr *src,
 {
 struct iface *iface;
 struct iface_af *ia;
- struct if_addr *if_addr;
- in_addr_t mask;
 iface = if_lookup(leconf, ifindex);
 if (iface == NULL)
@@ -297,41 +295,14 @@ disc_find_iface(unsigned int ifindex, int af, union ldpd_addr *src,
 return (NULL);
 /*
- * For unicast packets, we just need to make sure that the interface
- * is enabled for the given address-family.
+ * RFC 7552 - Section 5.1:
+ * "Link-local IPv6 address MUST be used as the source IP address in
+ * IPv6 LDP Link Hellos".
 */
- if (!multicast)
- return (iface);
-
- switch (af) {
- case AF_INET:
- LIST_FOREACH(if_addr, &iface->addr_list, entry) {
- if (if_addr->af != AF_INET)
- continue;
-
- switch (iface->type) {
- case IF_TYPE_POINTOPOINT:
- if (if_addr->dstbrd.v4.s_addr == src->v4.s_addr)
- return (iface);
- break;
- default:
- mask = prefixlen2mask(if_addr->prefixlen);
- if ((if_addr->addr.v4.s_addr & mask) ==
- (src->v4.s_addr & mask))
- return (iface);
- break;
- }
- }
- break;
- case AF_INET6:
- if (IN6_IS_ADDR_LINKLOCAL(&src->v6))
- return (iface);
- break;
- default:
- fatalx("disc_find_iface: unknown af");
- }
+ if (multicast && af == AF_INET6 && !IN6_IS_ADDR_LINKLOCAL(&src->v6))
+ return (NULL);
- return (NULL);
+ return (iface);
 }
 int
--
cgit v1.2.3
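Review bot: After this change the final `return (iface);` in disc_find_iface accepts an IPv4 multicast hello from any source address, because the only remaining source test is the IPv6 link-local one; the removed AF_INET branch was what tied the sender to a connected prefix or to the point-to-point peer address. The new comment documents only the RFC 7552 rule, so I would add a line above the return such as `/* IPv4: source is deliberately not matched against the interface prefixes (unnumbered interfaces); on-link origin must be enforced elsewhere. */`. Whether another on-link check (for example on the received TTL) exists is not visible in this hunk and is worth confirming before relying on it. The removed `default: fatalx(...)` also means an unexpected `af` now reaches `return (iface);`, presumably caught by the address-family lookup earlier in the function, which lies outside the hunk.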