Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd

[PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · Hannes Frederic Sowa <hidden> · 2013-01-23
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · YOSHIFUJI Hideaki <hidden> · 2013-01-24
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · Hannes Frederic Sowa <hidden> · 2013-01-24
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · Hannes Frederic Sowa <hidden> · 2013-01-29
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · YOSHIFUJI Hideaki <hidden> · 2013-01-29
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · Roman Mamedov <hidden> · 2013-06-27
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · Hannes Frederic Sowa <hidden> · 2013-06-27
Re: [PATCH RESEND] ipv6: add anti-spoofing checks for 6to4 and 6rd · Hannes Frederic Sowa <hidden> · 2013-06-27

From: Hannes Frederic Sowa <hidden>
Date: 2013-01-24 13:55:09

On Thu, Jan 24, 2013 at 12:59:30PM +0900, YOSHIFUJI Hideaki wrote:

I need to do more research.  I am still not convinced
to have such destination check here because the standard
seems silent about it, and we have several basic checks
in standard input path and tunnel search.

Thanks, looking forward to your conclusion.

Anyway, try_6rd() can do check for prefix as well
but we are doing slightly different thing.
So I think we can introduce new __check_6rd() to
return non-6rd/6to4 addresses.

bool __check_6rd(struct ip_tunnel *tunnel,
		 const struct in6_addr *v6dst,
		 __be32 *v4dst);

If prefix matches, fill *v4dst and return true.
Otherwise, return false.

__be32 __try_6rd()
{
	__be32 dst = 0;
	__check_6rd(tunnel, v6dst, &dst);
	return dst;
}

I'll update the patch and send it over for review, thanks.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help