git.baikalelectronics.ru Git - kernel.git/commit

author	Catalin\(ux\) M. BOIE <catab@embedromix.ro>
	Mon, 23 Sep 2013 20:04:19 +0000 (23:04 +0300)
committer	David S. Miller <davem@davemloft.net>
	Sat, 28 Sep 2013 19:56:15 +0000 (15:56 -0400)
commit	585bd50f182c2449963e2d8be81d4b9b0d19e5a2
tree	caacc6c977eeb20bd408094c92a12c4bd8adfbed	tree \| snapshot
parent	9f10b786e20c5632e5fd301f3885070736688b6f	commit \| diff

IPv6 NAT: Do not drop DNATed 6to4/6rd packets

When a router is doing DNAT for 6to4/6rd packets the latest
anti-spoofing commit d6b5dc46 ("ipv6: add anti-spoofing checks for
6to4 and 6rd") will drop them because the IPv6 address embedded does
not match the IPv4 destination. This patch will allow them to pass by
testing if we have an address that matches on 6to4/6rd interface. I
have been hit by this problem using Fedora and IPV6TO4_IPV4ADDR.
Also, log the dropped packets (with rate limit).

Signed-off-by: Catalin(ux) M. BOIE <catab@embedromix.ro>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/addrconf.h		diff \| blob \| history
net/ipv6/addrconf.c		diff \| blob \| history
net/ipv6/sit.c		diff \| blob \| history