From e160d6de4a41fcc02851a69ee2c9ede12897fcf7 Mon Sep 17 00:00:00 2001 From: itojun <> Date: Wed, 15 Nov 2006 06:28:33 +0000 Subject: [PATCH] reject multicast packet without scope identifier specified. --- src/etc/netstart | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/etc/netstart b/src/etc/netstart index c9487f36..9823cffc 100644 --- a/src/etc/netstart +++ b/src/etc/netstart @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: netstart,v 1.114 2006/06/29 17:23:28 todd Exp $ +# $OpenBSD: netstart,v 1.115 2006/11/15 06:28:33 itojun Exp $ # Strip comments (and leading/trailing whitespace if IFS is set) # from a file and spew to stdout @@ -261,6 +261,10 @@ if ifconfig lo0 inet6 >/dev/null 2>&1; then route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null + # Disallow packets without scope identifier. + route -qn add -inet6 ff01:: -prefixlen 16 ::1 -reject > /dev/null + route -qn add -inet6 ff02:: -prefixlen 16 ::1 -reject > /dev/null + # Completely disallow packets to IPv4 compatible prefix. # This may conflict with RFC1933 under following circumstances: # (1) An IPv6-only KAME node tries to originate packets to IPv4
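Review bot: The comment added in the second hunk, `# Disallow packets without scope identifier.`, does not say that the two routes cover multicast only, nor why a /16 reject is safe to install. I would spell it out as `# Reject interface-local (ff01::/16) and link-local (ff02::/16) multicast that carries no scope identifier.` and add a line noting that scoped destinations are expected to match more specific per-interface routes; that last part is my reading of the routing behaviour and is not visible in the hunk, so confirm it. Like the neighbouring lines, the two `route -qn add` calls discard their output and do not check the exit status, so a reject entry that failed to install would go unnoticed at boot. The enclosing `if ifconfig lo0 inet6` block starts and ends outside the hunk.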