UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/net
History
Florian Westphal 2cd19d014d netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 
[ Upstream commit 80abbe8a8263106fe45a4f293b92b5c74cc9cc8a ]

The ipv6 redirect target was derived from the ipv4 one, i.e. its
identical to a 'dnat' with the first (primary) address assigned to the
network interface.  The code has been moved around to make it usable
from nf_tables too, but its still the same as it was back when this
was added in 2012.

IPv6, however, has different types of addresses, if the 'wrong' address
comes first the redirection does not work.

In Daniels case, the addresses are:
  inet6 ::ffff:192 ...
  inet6 2a01: ...

... so the function attempts to redirect to the mapped address.

Add more checks before the address is deemed correct:
1. If the packets' daddr is scoped, search for a scoped address too
2. skip tentative addresses
3. skip mapped addresses

Use the first address that appears to match our needs.

Reported-by: Daniel Huhardeaux <tech@tootai.net>
Closes: https://lore.kernel.org/netfilter/71be06b8-6aa0-4cf9-9e0b-e2839b01b22f@tootai.net/
Fixes: 115e23ac78 ("netfilter: ip6tables: add REDIRECT target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-11-20 11:59:37 +01:00
..
6lowpan
9p 9p/net: fix possible memory leak in p9_check_errors() 2023-11-20 11:59:29 +01:00
802
8021q
appletalk
atm
ax25 ax25: Kconfig: Update link for linux-ax25.org 2023-09-18 12:56:58 +01:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-08-24 10:51:39 -07:00
bluetooth Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err 2023-11-20 11:59:03 +01:00
bpf bpf: Prevent inlining of bpf_fentry_test7() 2023-08-30 08:36:17 +02:00
bpfilter
bridge neighbour: fix data-races around n->output 2023-10-01 17:14:37 +01:00
caif
can can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior 2023-10-06 12:54:33 +02:00
ceph libceph: use kernel_connect() 2023-10-09 13:35:24 +02:00
core net: page_pool: add missing free_percpu when page_pool_init fail 2023-11-20 11:59:34 +01:00
dcb
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:59:35 +01:00
devlink devlink: Hold devlink lock on health reporter dump get 2023-10-06 15:56:46 -07:00
dns_resolver
dsa
ethernet
ethtool Revert "ethtool: Fix mod state of verbose no_mask bitset" 2023-10-19 09:27:12 -07:00
handshake net/handshake: fix file ref count in handshake_nl_accept_doit() 2023-10-23 10:19:33 -07:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-20 11:59:34 +01:00
ieee802154 sysctl-6.6-rc1 2023-08-29 17:39:15 -07:00
ife
ipv4 tcp: fix cookie_init_timestamp() overflows 2023-11-20 11:59:01 +01:00
ipv6 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:59:35 +01:00
iucv
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-14 10:43:51 +02:00
key
l2tp udp: annotate data-races around udp->encap_type 2023-11-20 11:58:56 +01:00
l3mdev
lapb
llc llc: verify mac len before reading mac header 2023-11-20 11:59:34 +01:00
mac80211 wifi: mac80211: Fix setting vif links 2023-11-20 11:59:02 +01:00
mac802154
mctp mctp: perform route lookups under a RCU read-side lock 2023-10-10 19:43:22 -07:00
mpls
mptcp mptcp: properly account fastopen data 2023-11-20 11:59:03 +01:00
ncsi ncsi: Propagate carrier gain/loss events to the NCSI controller 2023-09-18 07:06:05 +01:00
netfilter netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:59:37 +01:00
netlabel
netlink netlink: annotate data-races around sk->sk_err 2023-10-04 17:32:54 -07:00
netrom netrom: Deny concurrent connect(). 2023-08-28 06:58:46 +01:00
nfc nfc: nci: fix possible NULL pointer dereference in send_acknowledge() 2023-10-16 17:34:53 -07:00
nsh
openvswitch
packet af_packet: Fix fortified memcpy() without flex array. 2023-10-12 09:15:15 +02:00
phonet
psample
qrtr
rds net: prevent address rewrite in kernel_bind() 2023-10-01 19:31:29 +01:00
rfkill net: rfkill: reduce data->mtx scope in rfkill_fop_open 2023-10-11 16:55:10 +02:00
rose
rxrpc rxrpc: Fix two connection reaping bugs 2023-11-20 11:59:34 +01:00
sched net/sched: act_ct: additional checks for outdated flows 2023-10-25 11:35:57 +02:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-04 17:29:58 -07:00
smc net/smc: put sk reference if close work was canceled 2023-11-20 11:59:35 +01:00
strparser
sunrpc SUNRPC/TLS: Lock the lower_xprt during the tls handshake 2023-09-27 15:16:40 -04:00
switchdev
tipc tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING 2023-11-20 11:59:34 +01:00
tls tls: Use size_add() in call to struct_size() 2023-11-20 11:58:57 +01:00
unix Including fixes from netfilter and bpf. 2023-09-07 18:33:07 -07:00
vmw_vsock virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() 2023-11-20 11:59:36 +01:00
wireless wifi: cfg80211: fix off-by-one in element defrag 2023-11-20 11:58:55 +01:00
x25
xdp xdp: Fix zero-size allocation warning in xskq_create() 2023-10-09 16:13:29 +02:00
xfrm ipsec-2023-10-17 2023-10-17 18:21:13 -07:00
Kconfig
Kconfig.debug
Makefile
compat.c
devres.c
socket.c net: prevent address rewrite in kernel_bind() 2023-10-01 19:31:29 +01:00
sysctl_net.c