提交 3bfb92f4 编写于 作者: S Sven Wegener 提交者: Simon Horman

ipvs: Reject ipv6 link-local addresses for destinations

We can't use non-local link-local addresses for destinations, without
knowing the interface on which we can reach the address. Reject them for
now.
Signed-off-by: NSven Wegener <sven.wegener@stealer.net>
Acked-by: NJulius Volz <juliusv@google.com>
Signed-off-by: NSimon Horman <horms@verge.net.au>
上级 77eb8516
...@@ -838,7 +838,8 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest, ...@@ -838,7 +838,8 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
#ifdef CONFIG_IP_VS_IPV6 #ifdef CONFIG_IP_VS_IPV6
if (svc->af == AF_INET6) { if (svc->af == AF_INET6) {
atype = ipv6_addr_type(&udest->addr.in6); atype = ipv6_addr_type(&udest->addr.in6);
if (!(atype & IPV6_ADDR_UNICAST) && if ((!(atype & IPV6_ADDR_UNICAST) ||
atype & IPV6_ADDR_LINKLOCAL) &&
!__ip_vs_addr_is_local_v6(&udest->addr.in6)) !__ip_vs_addr_is_local_v6(&udest->addr.in6))
return -EINVAL; return -EINVAL;
} else } else
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册