From 3ccd316353532ff60326e91153677c308c032ecb Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Thu, 19 Nov 2015 01:23:24 +0100
Subject: sd-ndisc: drop RA packets from non-link-local addresses

See https://tools.ietf.org/html/rfc4861#section-4.2. Some routers (dnsmasq) will send packets
from global addresses, which would break the default route setup, so ignore those.

This is also what the kernel does.
---
 src/libsystemd-network/sd-ndisc.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/libsystemd-network/sd-ndisc.c')

diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
index 6703d87bc4..3bb06f6892 100644
--- a/src/libsystemd-network/sd-ndisc.c
+++ b/src/libsystemd-network/sd-ndisc.c
@@ -508,6 +508,9 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
                 return 0;
         }
 
+        if (!in_addr_is_link_local(AF_INET6, (const union in_addr_union*) &router.in6.sin6_addr))
+                return 0;
+
         if (ra->nd_ra_type != ND_ROUTER_ADVERT)
                 return 0;
 
-- 
cgit v1.2.3-54-g00ecf