| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Sep 2013 15:57:50 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: hannes@...essinduktion.org
Cc: catab@...edromix.ro, netdev@...r.kernel.org,
yoshfuji@...ux-ipv6.org, joe@...ches.com
Subject: Re: [PATCH v5] IPv6 NAT: Do not drop DNATed 6to4/6rd packets
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
Date: Tue, 24 Sep 2013 23:36:06 +0200
> On Mon, Sep 23, 2013 at 11:04:19PM +0300, Catalin(ux) M. BOIE wrote:
>> When a router is doing DNAT for 6to4/6rd packets the latest anti-spoofing
>> patch (218774dc) will drop them because the IPv6 address embedded
>> does not match the IPv4 destination. This patch will allow them to
>> pass by testing if we have an address that matches on 6to4/6rd interface.
>> I have been hit by this problem using Fedora and IPV6TO4_IPV4ADDR.
>> Also, log the dropped packets (with rate limit).
>>
>> Signed-off-by: Catalin(ux) M. BOIE <catab@...edromix.ro>
>
> Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
Applied, but Catalin please strictly refer to changes in the following
precise format:
commit $SHA1_ID ("Commit message header line text")
Because SHA1_IDs are ambiguous, especially when the change in question
is backported into various -stable branches.
The only way to resolve the ambiguity is to provide the commit message
text (in parenthesis and double quotes).
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists