From: Florian Westphal <[email protected]> Date: Fri, 14 Apr 2017 20:22:43 +0200
> We lack a saddr check for ::1. This causes security issues e.g. with acls > permitting connections from ::1 because of assumption that these originate > from local machine. > > Assuming a source address of ::1 is local seems reasonable. > RFC4291 doesn't allow such a source address either, so drop such packets. > > Reported-by: Eric Dumazet <[email protected]> > Signed-off-by: Florian Westphal <[email protected]> Applied, thanks Florian.
