Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
authorAxel Neumann <neumann@cgws.de>
Mon, 21 May 2018 18:32:09 +0000 (20:32 +0200)
committerDaniel Golle <daniel@makrotopia.org>
Tue, 31 Jul 2018 04:32:15 +0000 (06:32 +0200)
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.

The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.

Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from 65c05301c2)

target/linux/generic/pending-3.18/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
target/linux/generic/pending-4.14/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
target/linux/generic/pending-4.4/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
target/linux/generic/pending-4.9/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

index 43bdbe456d9ddb8e8982b53afd0ac93816d9b212..3948d726b82a9bbb8f6e1ad22752f3218884d445 100644 (file)
@@ -258,7 +258,7 @@ Signed-off-by: Steven Barth <cyrus@openwrt.org>
                skb_reset_network_header(skb);
                skb->protocol = htons(protocol);
                memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
-+              if (protocol == ETH_P_IP &&
++              if (protocol == ETH_P_IP && t->parms.fmrs &&
 +                      !ipv6_addr_equal(&ipv6h->saddr, &t->parms.raddr)) {
 +                              /* Packet didn't come from BR, so lookup FMR */
 +                              struct __ip6_tnl_fmr *fmr;
index 1de8543353c1841de66396ce22be4662b3c0a72d..fa7fa0a613597922f0052e440673908283e65ded 100644 (file)
@@ -268,7 +268,7 @@ Signed-off-by: Steven Barth <cyrus@openwrt.org>
        skb_reset_network_header(skb);
        memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
  
-+      if (tpi->proto == htons(ETH_P_IP) &&
++      if (tpi->proto == htons(ETH_P_IP) && tunnel->parms.fmrs &&
 +              !ipv6_addr_equal(&ipv6h->saddr, &tunnel->parms.raddr)) {
 +                      /* Packet didn't come from BR, so lookup FMR */
 +                      struct __ip6_tnl_fmr *fmr;
index fe599798ce3a54a24638786e069faf95fbbd8ef4..40be5cdff2c1e6ae64c6799c9af9db3d45f11a06 100644 (file)
@@ -273,7 +273,7 @@ Signed-off-by: Steven Barth <cyrus@openwrt.org>
                skb_reset_network_header(skb);
                skb->protocol = htons(protocol);
                memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
-+              if (protocol == ETH_P_IP &&
++              if (protocol == ETH_P_IP && t->parms.fmrs &&
 +                      !ipv6_addr_equal(&ipv6h->saddr, &t->parms.raddr)) {
 +                              /* Packet didn't come from BR, so lookup FMR */
 +                              struct __ip6_tnl_fmr *fmr;
index 99d1fb2e53083be9332e7d81c4558fd64e608787..76b38c5fb96dd96eaf4e91435017c070a06b97d3 100644 (file)
@@ -268,7 +268,7 @@ Signed-off-by: Steven Barth <cyrus@openwrt.org>
        skb_reset_network_header(skb);
        memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
  
-+      if (tpi->proto == htons(ETH_P_IP) &&
++      if (tpi->proto == htons(ETH_P_IP) && tunnel->parms.fmrs &&
 +              !ipv6_addr_equal(&ipv6h->saddr, &tunnel->parms.raddr)) {
 +                      /* Packet didn't come from BR, so lookup FMR */
 +                      struct __ip6_tnl_fmr *fmr;