lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130915131401.GA18477@order.stressinduktion.org>
Date:	Sun, 15 Sep 2013 15:14:02 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	"Catalin(ux) M. BOIE" <catab@...edromix.ro>
Cc:	netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org,
	davem@...emloft.net
Subject: Re: [PATCH] Do not drop DNATed 6to4/6rd packets

On Sat, Sep 14, 2013 at 01:30:47PM +0300, Catalin(ux) M. BOIE wrote:
> From: "Catalin(ux) M. BOIE" <catab@...edromix.ro>
> 
> When a router is doing  DNAT for 6to4/6rd packets the latest anti-spoofing
> patch (218774dc) will drop them because the IPv6 address embedded
> does not match the IPv4 destination. This patch will allow them to
> pass by testing if we have an address that matches on 6to4/6rd interface.
> I have been hit by this problem using Fedora and IPV6TO4_IPV4ADDR.
> Also, log the dropped packets (with rate limit).
> 
> Signed-off-by: Catalin(ux) M. BOIE <catab@...edromix.ro>

Pretty neat idea, I think. Could you rebase the patch ontop of net or net-next
and have a look at the warnings when you feed your patch to
./scripts/checkpatch --strict?

Greetings,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ