From 9d77623944c3630f8853442b96f635dd75e8d5e0 Mon Sep 17 00:00:00 2001
From: ae <ae@FreeBSD.org>
Date: Thu, 20 Feb 2014 21:01:59 +0000
Subject: [PATCH] MFC r261835:   Drop packets to multicast address whose scop
 field contains the   reserved value 0.

Sponsored by:	Yandex LLC
---
 sys/netinet6/ip6_input.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index a94d5c22c50..8f7074114c2 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -571,7 +571,18 @@ ip6_input(struct mbuf *m)
 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
 		goto bad;
 	}
-
+	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
+	    IPV6_ADDR_MC_SCOPE(&ip6->ip6_dst) == 0) {
+		/*
+		 * RFC4291 2.7:
+		 * Nodes must not originate a packet to a multicast address
+		 * whose scop field contains the reserved value 0; if such
+		 * a packet is received, it must be silently dropped.
+		 */
+		IP6STAT_INC(ip6s_badscope);
+		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
+		goto bad;
+	}
 #ifdef ALTQ
 	if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) {
 		/* packet is dropped by traffic conditioner */
-- 
2.45.2