system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-02 09:18:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Florian Westphal 80abbe8a82 netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 
The ipv6 redirect target was derived from the ipv4 one, i.e. its
identical to a 'dnat' with the first (primary) address assigned to the
network interface.  The code has been moved around to make it usable
from nf_tables too, but its still the same as it was back when this
was added in 2012.

IPv6, however, has different types of addresses, if the 'wrong' address
comes first the redirection does not work.

In Daniels case, the addresses are:
  inet6 ::ffff:192 ...
  inet6 2a01: ...

... so the function attempts to redirect to the mapped address.

Add more checks before the address is deemed correct:
1. If the packets' daddr is scoped, search for a scoped address too
2. skip tentative addresses
3. skip mapped addresses

Use the first address that appears to match our needs.

Reported-by: Daniel Huhardeaux <tech@tootai.net>
Closes: https://lore.kernel.org/netfilter/71be06b8-6aa0-4cf9-9e0b-e2839b01b22f@tootai.net/
Fixes: 115e23ac78 ("netfilter: ip6tables: add REDIRECT target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2023-11-08 16:40:30 +01:00
..
6lowpan 6lowpan: Remove redundant initialisation. 2023-03-29 08:22:52 +01:00
9p net: annotate data-races around sock->ops 2023-08-09 15:32:43 -07:00
802 net: fill in MODULE_DESCRIPTION()s under net/802* 2023-10-28 11:29:28 +01:00
8021q net: fill in MODULE_DESCRIPTION()s under net/802* 2023-10-28 11:29:28 +01:00
appletalk appletalk: remove special handling code for ipddp 2023-10-13 17:59:32 -07:00
atm net: atm: Remove redundant check. 2023-10-23 08:45:25 +01:00
ax25 net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-24 10:51:39 -07:00
bluetooth Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err 2023-10-23 11:05:32 -07:00
bpf bpf: Prevent inlining of bpf_fentry_test7() 2023-08-30 08:36:17 +02:00
bpfilter net: Use umd_cleanup_helper() 2023-05-31 13:06:57 +02:00
bridge netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
caif sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-12 17:07:34 -07:00
ceph Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-19 13:29:01 -07:00
core net: page_pool: add missing free_percpu when page_pool_init fail 2023-11-02 12:27:53 +01:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-01 21:07:46 -07:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-02 12:56:03 +01:00
devlink netlink: specs: devlink: add forgotten port function caps enum values 2023-11-01 22:13:43 -07:00
dns_resolver cred: Do not default to init_cred in prepare_kernel_cred() 2022-11-01 10:04:52 -07:00
dsa net: dsa: Rename IFLA_DSA_MASTER to IFLA_DSA_CONDUIT 2023-10-24 13:08:14 -07:00
ethernet net: ethernet: use sysfs_emit() to instead of scnprintf() 2022-12-07 20:02:44 -08:00
ethtool ethtool: untangle the linkmode and ethtool headers 2023-10-20 12:47:33 +01:00
handshake Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-26 13:46:28 -07:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-01 22:26:04 -07:00
ieee802154 sysctl-6.6-rc1 2023-08-29 17:39:15 -07:00
ife net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
ipv4 netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
ipv6 netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
iucv net/iucv: Fix size of interrupt data 2023-03-16 17:34:40 -07:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-14 10:43:51 +02:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-18 12:44:56 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-05 13:16:47 -07:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c 2021-06-08 16:31:25 -07:00
llc llc: verify mac len before reading mac header 2023-11-01 22:21:32 -07:00
mac80211 wireless-next patches for v6.7 2023-10-26 20:27:58 -07:00
mac802154 Core WPAN changes: 2023-06-24 15:41:46 -07:00
mctp mctp: perform route lookups under a RCU read-side lock 2023-10-10 19:43:22 -07:00
mpls networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
mptcp mptcp: define more local variables sk 2023-10-27 08:47:30 -07:00
ncsi ncsi: Propagate carrier gain/loss events to the NCSI controller 2023-09-18 07:06:05 +01:00
netfilter netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-08 16:40:30 +01:00
netlabel netlabel: Remove unused declaration netlbl_cipsov4_doi_free() 2023-08-02 12:28:22 -07:00
netlink netlink: fill in missing MODULE_DESCRIPTION() 2023-11-03 11:42:48 +00:00
netrom net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
nfc nfc: nci: fix possible NULL pointer dereference in send_acknowledge() 2023-10-16 17:34:53 -07:00
nsh net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
openvswitch net: openvswitch: Annotate struct mask_array with __counted_by 2023-10-17 13:56:03 +02:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-12 17:07:34 -07:00
phonet sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
psample genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
qrtr net: qrtr: Handle IPCR control port format of older targets 2023-07-17 09:02:30 +01:00
rds net: prevent address rewrite in kernel_bind() 2023-10-01 19:31:29 +01:00
rfkill net: rfkill: reduce data->mtx scope in rfkill_fop_open 2023-10-11 16:55:10 +02:00
rose net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
rxrpc rxrpc: Fix two connection reaping bugs 2023-11-01 22:28:55 -07:00
sched net, sched: Fix SKB_NOT_DROPPED_YET splat under debug config 2023-11-06 08:56:25 +00:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-05 13:16:47 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-19 13:29:01 -07:00
strparser strparser: pad sk_skb_cb to avoid straddling cachelines 2022-07-08 18:38:44 -07:00
sunrpc NFSD 6.7 Release Notes 2023-10-30 10:12:29 -10:00
switchdev net: switchdev: Add a helper to replay objects on a bridge port 2023-07-21 08:54:03 +01:00
tipc tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING 2023-11-01 22:26:37 -07:00
tls tls: don't reset prot->aad_size and prot->tail_size for TLS_HW 2023-10-23 10:15:09 -07:00
unix af_unix: Remove module remnants. 2023-10-27 09:12:47 -07:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-26 13:46:28 -07:00
wireless wireless-next patches for v6.7 2023-10-26 20:27:58 -07:00
x25 net: implement lockless SO_PRIORITY 2023-10-01 19:09:54 +01:00
xdp xsk: Avoid starving the xsk further down the list 2023-10-24 11:55:36 +02:00
xfrm ipsec-next-2023-10-28 2023-10-30 14:36:57 -07:00
compat.c net/compat: Update msg_control_is_user when setting a kernel pointer 2023-04-14 11:09:27 +01:00
devres.c net: devres: Correct a grammatical error 2021-06-11 12:55:28 -07:00
Kconfig net: add skb_segment kunit test 2023-10-11 10:39:01 +01:00
Kconfig.debug net: make NET_(DEV|NS)_REFCNT_TRACKER depend on NET 2022-09-20 14:23:56 -07:00
Makefile net/handshake: Create a NETLINK service for handling handshake requests 2023-04-19 18:48:48 -07:00
socket.c for-6.7/io_uring-sockopt-2023-10-30 2023-11-01 11:16:34 -10:00
sysctl_net.c sysctl: Add size to register_net_sysctl function 2023-08-15 15:26:17 -07:00