git.baikalelectronics.ru Git - kernel.git/commit
IPv6 NAT: Do not drop DNATed 6to4/6rd packets
author Catalin(ux) M. BOIE <catab@embedromix.ro>
Mon, 23 Sep 2013 20:04:19 +0000 (23:04 +0300)
committer David S. Miller <davem@davemloft.net>
Sat, 28 Sep 2013 19:56:15 +0000 (15:56 -0400)
commit 585bd50f182c2449963e2d8be81d4b9b0d19e5a2
tree caacc6c977eeb20bd408094c92a12c4bd8adfbed
parent 9f10b786e20c5632e5fd301f3885070736688b6f
IPv6 NAT: Do not drop DNATed 6to4/6rd packets

When a router is doing DNAT for 6to4/6rd packets the latest
anti-spoofing commit d6b5dc46 ("ipv6: add anti-spoofing checks for
6to4 and 6rd") will drop them because the IPv6 address embedded does
not match the IPv4 destination. This patch will allow them to pass by
testing if we have an address that matches on 6to4/6rd interface.  I
have been hit by this problem using Fedora and IPV6TO4_IPV4ADDR.
Also, log the dropped packets (with rate limit).

Signed-off-by: Catalin(ux) M. BOIE <catab@embedromix.ro>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/addrconf.h
net/ipv6/addrconf.c
net/ipv6/sit.c
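
The check the commit message describes, as an added user-space model that is not the kernel's code from this commit: the function names and the sample addresses are hypothetical, and the model assumes plain 6to4 (2002:V4ADDR::/48) and looks only at the destination address, leaving out 6rd prefix lengths and the rate-limited logging.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* 6to4 (2002:V4ADDR::/48): copy out the embedded IPv4 address, if any. */
static bool embedded_v4(const struct in6_addr *a6, struct in_addr *v4)
{
    if (a6->s6_addr[0] != 0x20 || a6->s6_addr[1] != 0x02)
        return false;                       /* not in 2002::/16 */
    memcpy(&v4->s_addr, &a6->s6_addr[2], sizeof(v4->s_addr));
    return true;
}

/* Anti-spoofing test: embedded IPv4 must equal the outer IPv4 destination. */
static bool looks_spoofed(const struct in6_addr *in6, const struct in_addr *out4)
{
    struct in_addr emb;
    return embedded_v4(in6, &emb) && emb.s_addr != out4->s_addr;
}

/* DNAT exception: inner destination shares the /48 of a tunnel address. */
static bool on_tunnel_prefix(const struct in6_addr *in6, const struct in6_addr *tun)
{
    return memcmp(in6->s6_addr, tun->s6_addr, 6) == 0;    /* first 48 bits */
}

/* Returns 1 = drop, 0 = accept, -1 = unparsable input. */
int sixto4_rx_verdict(const char *outer_dst, const char *inner_dst, const char *tun_addr)
{
    struct in_addr out4;
    struct in6_addr in6, tun;

    if (inet_pton(AF_INET, outer_dst, &out4) != 1 ||
        inet_pton(AF_INET6, inner_dst, &in6) != 1 ||
        inet_pton(AF_INET6, tun_addr, &tun) != 1)
        return -1;
    if (!looks_spoofed(&in6, &out4))
        return 0;                           /* passes the anti-spoofing test */
    return on_tunnel_prefix(&in6, &tun) ? 0 : 1;   /* only DNATed: accept */
}

int main(void)
{
    /* Constructed addresses: tunnel address built from 203.0.113.10. */
    const char *tun = "2002:cb00:710a::1";
    printf("direct  %d\n", sixto4_rx_verdict("203.0.113.10", tun, tun));
    printf("dnat    %d\n", sixto4_rx_verdict("192.168.1.2", tun, tun));
    printf("spoofed %d\n", sixto4_rx_verdict("192.168.1.2", "2002:c633:6401::1", tun));
    return 0;
}
```

The second call models the reported case: the outer destination was rewritten to an internal address, so the embedded IPv4 no longer matches, yet the inner destination still falls in the prefix configured on the tunnel interface.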