ipv6: protect protocols not handling ipv4 from v4 connection/bind attempts Some ipv6 protocols cannot handle ipv4 addresses, so we must not allow connecting and binding to them. sendmsg logic does already check msg->name for this but must trust already connected sockets which could be set up for connection to ipv4 address family. Per-socket flag ipv6only is of no use here, as it is under users control by setsockopt. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 82b276cd2b0bacd58e7c307bf8856925a68c4d14 [log] [tgz]
author: Hannes Frederic Sowa <hannes@stressinduktion.org> Mon Jan 20 05:16:39 2014 +0100
committer: David S. Miller <davem@davemloft.net> Tue Jan 21 16:59:19 2014 -0800
tree: ffc8648efa91f83f81c94ac83447dc5246a835cf
parent: 446fab59333dea91e54688f033dd8d788d0486fb [diff] [blame]
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index cd8699b..2f5e2f1 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c

@@ -205,6 +205,16 @@
 }
 EXPORT_SYMBOL_GPL(ip6_datagram_connect);
 
+int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *uaddr,
+				 int addr_len)
+{
+	DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, uaddr);
+	if (sin6->sin6_family != AF_INET6)
+		return -EAFNOSUPPORT;
+	return ip6_datagram_connect(sk, uaddr, addr_len);
+}
+EXPORT_SYMBOL_GPL(ip6_datagram_connect_v6_only);
+
 void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
 		     __be16 port, u32 info, u8 *payload)
 {
commit	82b276cd2b0bacd58e7c307bf8856925a68c4d14	[log] [tgz]
author	Hannes Frederic Sowa <hannes@stressinduktion.org>	Mon Jan 20 05:16:39 2014 +0100
committer	David S. Miller <davem@davemloft.net>	Tue Jan 21 16:59:19 2014 -0800
tree	ffc8648efa91f83f81c94ac83447dc5246a835cf
parent	446fab59333dea91e54688f033dd8d788d0486fb [diff] [blame]