| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Oct 2017 10:34:25 +0900 (KST) From: David Miller <davem@...emloft.net> To: shmulik@...f.io Cc: netdev@...r.kernel.org, shmulik.ladkani@...il.com Subject: Re: [PATCH net-next] ip6_tunnel: Allow rcv/xmit even if remote address is a local address From: Shmulik Ladkani <shmulik@...f.io> Date: Sat, 21 Oct 2017 00:25:15 +0300 > From: Shmulik Ladkani <shmulik.ladkani@...il.com> > > Currently, ip6_tnl_xmit_ctl drops tunneled packets if the remote > address (outer v6 destination) is one of host's locally configured > addresses. > Same applies to ip6_tnl_rcv_ctl: it drops packets if the remote address > (outer v6 source) is a local address. > > This prevents using ipxip6 (and ip6_gre) tunnels whose local/remote > endpoints are on same host; OTOH v4 tunnels (ipip or gre) allow such > configurations. > > An example where this proves useful is a system where entities are > identified by their unique v6 addresses, and use tunnels to encapsulate > traffic between them. The limitation prevents placing several entities > on same host. > > Introduce IP6_TNL_F_ALLOW_LOCAL_REMOTE which allows to bypass this > restriction. > > Signed-off-by: Shmulik Ladkani <shmulik.ladkani@...il.com> Given this wasn't allowed for so long, making it configurable makes sense. Applied, thanks.
Powered by blists - more mailing lists