Re: [PATCH net] ipv6: drop non loopback packets claiming to originate from ::1

2017-04-17 Thread David Miller
From: Florian Westphal
Date: Fri, 14 Apr 2017 20:22:43 +0200

> We lack a saddr check for ::1. This causes security issues e.g. with acls
> permitting connections from ::1 because of assumption that these originate
> from local machine.
>
> Assuming a source address of ::1 is

Re: [PATCH net] ipv6: drop non loopback packets claiming to originate from ::1

2017-04-14 Thread Hannes Frederic Sowa
On Fri, Apr 14, 2017, at 20:22, Florian Westphal wrote:

> We lack a saddr check for ::1. This causes security issues e.g. with acls
> permitting connections from ::1 because of assumption that these originate
> from local machine.
>
> Assuming a source address of ::1 is local seems reasonable.

Re: [PATCH net] ipv6: drop non loopback packets claiming to originate from ::1

2017-04-14 Thread Eric Dumazet
On Fri, 2017-04-14 at 20:22 +0200, Florian Westphal wrote:

> We lack a saddr check for ::1. This causes security issues e.g. with acls
> permitting connections from ::1 because of assumption that these originate
> from local machine.
>
> Assuming a source address of ::1 is local seems reasonable.

[PATCH net] ipv6: drop non loopback packets claiming to originate from ::1

2017-04-14 Thread Florian Westphal
We lack a saddr check for ::1. This causes security issues e.g. with acls permitting connections from ::1 because of assumption that these originate from local machine.

Assuming a source address of ::1 is local seems reasonable. RFC4291 doesn't allow such a source address either, so drop such