2.6.37-stable review patch. If anyone has any objections, please let us know.
------------------ From: Alexey Kuznetsov <[email protected]> [ Upstream commit 72b43d0898e97f588293b4a24b33c58c46633d81 ] Linux IPv6 forwards unicast packets, which are link layer multicasts... The hole was present since day one. I was 100% this check is there, but it is not. The problem shows itself, f.e. when Microsoft Network Load Balancer runs on a network. This software resolves IPv6 unicast addresses to multicast MAC addresses. Signed-off-by: Alexey Kuznetsov <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- net/ipv6/ip6_output.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -401,6 +401,9 @@ int ip6_forward(struct sk_buff *skb) goto drop; } + if (skb->pkt_type != PACKET_HOST) + goto drop; + skb_forward_csum(skb); /* _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
