On Wed, Oct 2, 2019 at 11:38 AM Florian Westphal <f...@strlen.de> wrote:
>
> Eric Dumazet <eduma...@google.com> wrote:
> > The dual stack API automatically forces the traffic to be IPv4
> > if v4mapped addresses are used at bind() or connect(), so it makes
> > no sense to allow IPv6 traffic to use the same v4mapped class.
> >
> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > Signed-off-by: Eric Dumazet <eduma...@google.com>
> > Cc: Florian Westphal <f...@strlen.de>
> > Cc: Hannes Frederic Sowa <han...@stressinduktion.org>
> > Reported-by: syzbot <syzkal...@googlegroups.com>
> > ---
> > net/ipv6/ip6_input.c | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
> > diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
> > index
> > d432d0011c160f41aec09640e95179dd7b364cfc..2bb0b66181a741c7fb73cacbdf34c5160f52d186
> > 100644
> > --- a/net/ipv6/ip6_input.c
> > +++ b/net/ipv6/ip6_input.c
> > @@ -223,6 +223,16 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff
> > *skb, struct net_device *dev,
> > if (ipv6_addr_is_multicast(&hdr->saddr))
> > goto err;
> >
> > + /* While RFC4291 is not explicit about v4mapped addresses
> > + * in IPv6 headers, it seems clear linux dual-stack
> > + * model can not deal properly with these.
> > + * Security models could be fooled by ::ffff:127.0.0.1 for example.
> > + *
> > + * https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02
> > + */
> > + if (ipv6_addr_v4mapped(&hdr->saddr))
> > + goto err;
> > +
>
> Any reason to only consider ->saddr instead of checking daddr as well?
I do not see reasons the packet should be accepted for sane configurations ?
I would rather have a separate patch for daddr if someone needs it.
(This also comes at a cpu cost for all received packets :/ )
