bookends.m4: Optimize checking for forwarding IPv6 link-local multicast.

Apply a coarse filter to detect all multicast, and dispatch to a
finer-grained one to detect link-local multicast addresses.  This
would be much easier if the flags and scope fields were the other way
around.

Also fix it to use the correct address range.

diff --git a/bookends.m4 b/bookends.m4
index 6faa91b161398dccfcf82c73a6c5fb5db704e96e..a0731d2fac151af0bfc1c5c0ec2d394d61cff8c8 100644 (file)
--- a/bookends.m4
+++ b/bookends.m4
@@ -211,10 +211,12 @@ case $forward in
            -m addrtype --dst-type BROADCAST
     run iptables -A FORWARD -g bad-destination-address \
            -d 224.0.0.0/24
+    clearchain check-fwd-multi
     for x in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do
-      run ip6tables -A FORWARD -g bad-destination-address \
-           -d fe${x}2::/16
+      run ip6tables -A check-fwd-multi -g bad-destination-address \
+           -d ff${x}2::/16
     done
+    ip6tables -A FORWARD -j check-fwd-multi -d ff00::/8
     ;;
 esac