From 225c8e6abd943886dd31d7fbd30d9bdbd8e434cb Mon Sep 17 00:00:00 2001
From: Michael Stapelberg <stapelberg@google.com>
Date: Wed, 8 Jun 2022 17:42:55 +0200
Subject: [PATCH] radvd: ignore requests from other interfaces than the
 configured one
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Announcing networks into uplinks is never a good idea 🙈
---
 internal/radvd/radvd.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/radvd/radvd.go b/internal/radvd/radvd.go
index df3257d..368a9ce 100644
--- a/internal/radvd/radvd.go
+++ b/internal/radvd/radvd.go
@@ -19,6 +19,7 @@ import (
 	"log"
 	"net"
 	"net/netip"
+	"strings"
 	"sync"
 	"time"
 
@@ -93,6 +94,10 @@ func (s *Server) Serve(ifname string, conn net.PacketConn) error {
 		if err != nil {
 			return err
 		}
+		if !strings.HasSuffix(addr.String(), "%"+ifname) {
+			log.Printf("ignoring off-interface request from %v", addr)
+			continue
+		}
 		// TODO: isn’t this guaranteed by the filter above?
 		if n == 0 ||
 			ipv6.ICMPType(buf[0]) != ipv6.ICMPTypeRouterSolicitation {