From: Florian Westphal <f...@strlen.de> Date: Fri, 14 Apr 2017 20:22:43 +0200
> We lack a saddr check for ::1. This causes security issues e.g. with acls > permitting connections from ::1 because of assumption that these originate > from local machine. > > Assuming a source address of ::1 is local seems reasonable. > RFC4291 doesn't allow such a source address either, so drop such packets. > > Reported-by: Eric Dumazet <eduma...@google.com> > Signed-off-by: Florian Westphal <f...@strlen.de> Applied, thanks Florian.
