linux/net
Florian Westphal 80abbe8a82 netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
The ipv6 redirect target was derived from the ipv4 one, i.e. it's
identical to a 'dnat' with the first (primary) address assigned to the
network interface.  The code has been moved around to make it usable
from nf_tables too, but it's still the same as it was back when this
was added in 2012.

IPv6, however, has different types of addresses; if the 'wrong' address
comes first, the redirection does not work.

In Daniel's case, the addresses are:
  inet6 ::ffff:192 ...
  inet6 2a01: ...

... so the function attempts to redirect to the mapped address.

Add more checks before the address is deemed correct:
1. If the packets' daddr is scoped, search for a scoped address too
2. skip tentative addresses
3. skip mapped addresses

Use the first address that appears to match our needs.

Reported-by: Daniel Huhardeaux <tech@tootai.net>
Closes: https://lore.kernel.org/netfilter/71be06b8-6aa0-4cf9-9e0b-e2839b01b22f@tootai.net/
Fixes: 115e23ac78 ("netfilter: ip6tables: add REDIRECT target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2023-11-08 16:40:30 +01:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth
bpf
bpfilter
bridge netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
caif
can
ceph
core net: page_pool: add missing free_percpu when page_pool_init fail 2023-11-02 12:27:53 +01:00
dcb
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-02 12:56:03 +01:00
devlink
dns_resolver
dsa
ethernet
ethtool
handshake
hsr
ieee802154
ife
ipv4 netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
ipv6 netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mctp
mpls
mptcp
ncsi
netfilter netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-08 16:40:30 +01:00
netlabel
netlink netlink: fill in missing MODULE_DESCRIPTION() 2023-11-03 11:42:48 +00:00
netrom
nfc
nsh
openvswitch
packet
phonet
psample
qrtr
rds
rfkill
rose
rxrpc rxrpc: Fix two connection reaping bugs 2023-11-01 22:28:55 -07:00
sched net, sched: Fix SKB_NOT_DROPPED_YET splat under debug config 2023-11-06 08:56:25 +00:00
sctp
smc
strparser
sunrpc
switchdev
tipc tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING 2023-11-01 22:26:37 -07:00
tls
unix
vmw_vsock
wireless
x25
xdp
xfrm
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c
sysctl_net.c