superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net
History
Florian Westphal 587e6308d6 netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 
[ Upstream commit 80abbe8a82 ]

The ipv6 redirect target was derived from the ipv4 one, i.e. its
identical to a 'dnat' with the first (primary) address assigned to the
network interface.  The code has been moved around to make it usable
from nf_tables too, but its still the same as it was back when this
was added in 2012.

IPv6, however, has different types of addresses, if the 'wrong' address
comes first the redirection does not work.

In Daniels case, the addresses are:
  inet6 ::ffff:192 ...
  inet6 2a01: ...

... so the function attempts to redirect to the mapped address.

Add more checks before the address is deemed correct:
1. If the packets' daddr is scoped, search for a scoped address too
2. skip tentative addresses
3. skip mapped addresses

Use the first address that appears to match our needs.

Reported-by: Daniel Huhardeaux <tech@tootai.net>
Closes: https://lore.kernel.org/netfilter/71be06b8-6aa0-4cf9-9e0b-e2839b01b22f@tootai.net/
Fixes: 115e23ac78 ("netfilter: ip6tables: add REDIRECT target")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-11-20 11:52:17 +01:00
..
6lowpan
9p 9p/net: fix possible memory leak in p9_check_errors() 2023-11-20 11:52:13 +01:00
802
8021q vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() 2023-05-24 17:32:47 +01:00
appletalk
atm atm: hide unused procfs functions 2023-06-09 10:34:16 +02:00
ax25
batman-adv batman-adv: Hold rtnl lock during MTU update via netlink 2023-08-30 16:11:08 +02:00
bluetooth Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err 2023-11-20 11:51:55 +01:00
bpf Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES" 2023-03-17 08:50:32 +01:00
bpfilter
bridge neighbour: fix data-races around n->output 2023-10-10 22:00:42 +02:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:50:24 +01:00
can can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior 2023-10-19 23:08:52 +02:00
ceph libceph: use kernel_connect() 2023-10-19 23:08:56 +02:00
core net: page_pool: add missing free_percpu when page_pool_init fail 2023-11-20 11:52:16 +01:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 12:08:17 +02:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:52:16 +01:00
devlink devlink: remove reload failed checks in params get/set callbacks 2023-09-23 11:11:01 +02:00
dns_resolver
dsa net: dsa: sja1105: always enable the send_meta options 2023-07-19 16:22:06 +02:00
ethernet
ethtool ipv6: Remove in6addr_any alternatives. 2023-09-19 12:28:10 +02:00
hsr hsr: Prevent use after free in prp_create_tagged_frame() 2023-11-20 11:52:15 +01:00
ieee802154
ife
ipv4 tcp: fix cookie_init_timestamp() overflows 2023-11-20 11:51:54 +01:00
ipv6 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:52:16 +01:00
iucv net/iucv: Fix size of interrupt data 2023-03-22 13:33:50 +01:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-19 12:28:10 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-23 17:52:32 +02:00
l2tp ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() 2023-10-10 22:00:42 +02:00
l3mdev
lapb
llc llc: verify mac len before reading mac header 2023-11-20 11:52:15 +01:00
mac80211 wifi: mac80211: fix # of MSDU in A-MSDU calculation 2023-11-20 11:51:51 +01:00
mac802154
mctp mctp: perform route lookups under a RCU read-side lock 2023-10-19 23:08:57 +02:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:59:53 +01:00
mptcp mptcp: avoid sending RST when closing the initial subflow 2023-10-25 12:03:16 +02:00
ncsi ncsi: Propagate carrier gain/loss events to the NCSI controller 2023-10-06 14:56:57 +02:00
netfilter netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:52:17 +01:00
netlabel netlabel: fix shift wrapping bug in netlbl_catmap_setlong() 2023-09-13 09:42:24 +02:00
netlink netlink: remove the flex array from struct nlmsghdr 2023-10-10 22:00:46 +02:00
netrom netrom: Deny concurrent connect(). 2023-09-13 09:42:35 +02:00
nfc nfc: nci: fix possible NULL pointer dereference in send_acknowledge() 2023-10-25 12:03:04 +02:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-24 17:32:45 +01:00
openvswitch net: openvswitch: reject negative ifindex 2023-08-23 17:52:35 +02:00
packet net/packet: annotate data-races around tp->status 2023-08-16 18:27:26 +02:00
phonet
psample
qrtr net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() 2023-04-20 12:35:09 +02:00
rds net: prevent address rewrite in kernel_bind() 2023-10-19 23:08:50 +02:00
rfkill net: rfkill: gpio: prevent value glitch during probe 2023-10-25 12:03:06 +02:00
rose net/rose: Fix to not accept on connected socket 2023-02-22 12:59:42 +01:00
rxrpc rxrpc: Fix hard call timeout units 2023-05-17 11:53:35 +02:00
sched net: sched: cls_u32: Fix allocation size in u32_init() 2023-11-08 14:10:57 +01:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-10 22:00:44 +02:00
smc net/smc: put sk reference if close work was canceled 2023-11-20 11:52:16 +01:00
strparser
sunrpc Revert "SUNRPC dont update timeout value on connection reset" 2023-10-06 14:57:03 +02:00
switchdev
tipc tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING 2023-11-20 11:52:15 +01:00
tls tls: Use size_add() in call to struct_size() 2023-11-20 11:51:52 +01:00
unix af_unix: Fix data-race around unix_tot_inflight. 2023-09-19 12:28:02 +02:00
vmw_vsock vsock/virtio: remove socket from connected/bound list on shutdown 2023-11-20 11:52:17 +01:00
wireless wifi: cfg80211: add flush functions for wiphy work 2023-11-20 11:51:51 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-02-09 11:28:13 +01:00
xdp xsk: Fix xsk_diag use-after-free error during socket cleanup 2023-09-19 12:28:01 +02:00
xfrm net: xfrm: skip policies marked as dead while reinserting policies 2023-10-25 12:03:12 +02:00
Kconfig
Kconfig.debug
Makefile devlink: move code to a dedicated directory 2023-08-30 16:11:00 +02:00
compat.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
devres.c
socket.c net: prevent address rewrite in kernel_bind() 2023-10-19 23:08:50 +02:00
sysctl_net.c