Eric Dumazet <eduma...@google.com> wrote: > > > @@ -223,6 +223,16 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff > > > *skb, struct net_device *dev, > > > if (ipv6_addr_is_multicast(&hdr->saddr)) > > > goto err; > > > > > > + /* While RFC4291 is not explicit about v4mapped addresses > > > + * in IPv6 headers, it seems clear linux dual-stack > > > + * model can not deal properly with these. > > > + * Security models could be fooled by ::ffff:127.0.0.1 for example. > > > + * > > > + * > > > https://tools.ietf.org/html/draft-itojun-v6ops-v4mapped-harmful-02 > > > + */ > > > + if (ipv6_addr_v4mapped(&hdr->saddr)) > > > + goto err; > > > + > > > > Any reason to only consider ->saddr instead of checking daddr as well? > > I do not see reasons the packet should be accepted for sane configurations ?
Fair enough, thanks for explaining.
