linux/net/ipv6
Florian Westphal 2a7851bffb netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6
Quoting https://bugzilla.netfilter.org/show_bug.cgi?id=812:

[ ip6tables -m addrtype ]
When I tried to use in the nat/PREROUTING it messes up the
routing cache even if the rule didn't matched at all.
[..]
If I remove the --limit-iface-in from the non-working scenario, so just
use the -m addrtype --dst-type LOCAL it works!

This happens when LOCAL type matching is requested with --limit-iface-in,
and the default ipv6 route is via the interface the packet we test
arrived on.

Because xt_addrtype uses ip6_route_output, the ipv6 routing implementation
creates an unwanted cached entry, and the packet won't make it to the
real/expected destination.

Silently ignoring --limit-iface-in makes the routing work but it breaks
rule matching (--dst-type LOCAL with limit-iface-in is supposed to only
match if the dst address is configured on the incoming interface;
without --limit-iface-in it will match if the address is reachable
via lo).

The test should call ipv6_chk_addr() instead.  However, this would add
a link-time dependency on ipv6.

There are two possible solutions:

1) Revert the commit that moved ipt_addrtype to xt_addrtype,
   and put ipv6 specific code into ip6t_addrtype.
2) add new "nf_ipv6_ops" struct to register pointers to ipv6 functions.

While the former might seem preferable, Pablo pointed out that there
are more xt modules with link-time dependeny issues regarding ipv6,
so lets go for 2).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-05-23 11:58:55 +02:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-22 20:32:51 -04:00
addrconf_core.c ipv6: statically link register_inet6addr_notifier() 2013-04-14 15:24:17 -04:00
addrconf.c netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 2013-05-23 11:58:55 +02:00
addrlabel.c rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
af_inet6.c GRE: Refactor GRE tunneling code. 2013-03-26 12:27:18 -04:00
ah6.c
anycast.c
datagram.c ipv6: report sin6_scope_id if sockopt RECVORIGDSTADDR is set 2013-03-08 12:29:23 -05:00
esp6.c
exthdrs_core.c
exthdrs_offload.c
exthdrs.c
fib6_rules.c
icmp.c net: Add MIB counters for checksum errors 2013-04-29 15:14:03 -04:00
inet6_connection_sock.c ipv6: use newly introduced __ipv6_addr_needs_scope_id and ipv6_iface_scope_id 2013-03-08 12:29:22 -05:00
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c
ip6_flowlabel.c
ip6_gre.c ipv6,gre: do not leak info to user-space 2013-05-11 17:40:14 -07:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c ipv6: don't accept node local multicast traffic from the wire 2013-03-29 14:57:33 -04:00
ip6_offload.c tunneling: Add generic Tunnel segmentation. 2013-03-09 16:09:17 -05:00
ip6_offload.h
ip6_output.c ipv6: fix possible crashes in ip6_cork_release() 2013-05-18 12:55:45 -07:00
ip6_tunnel.c GRE: Refactor GRE tunneling code. 2013-03-26 12:27:18 -04:00
ip6mr.c net-next: replace obsolete NLMSG_* with type safe nlmsg_* 2013-03-28 14:25:25 -04:00
ipcomp6.c
ipv6_sockglue.c
Kconfig Tunneling: use IP Tunnel stats APIs. 2013-03-26 12:27:19 -04:00
Makefile ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
mcast.c
mip6.c
ndisc.c
netfilter.c netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 2013-05-23 11:58:55 +02:00
output_core.c
proc.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
protocol.c
raw.c ipv6: use newly introduced __ipv6_addr_needs_scope_id and ipv6_iface_scope_id 2013-03-08 12:29:22 -05:00
reassembly.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-22 20:32:51 -04:00
route.c rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
sit.c Tunneling: use IP Tunnel stats APIs. 2013-03-26 12:27:19 -04:00
syncookies.c tcp: Remove TCPCT 2013-03-17 14:35:13 -04:00
sysctl_net_ipv6.c
tcp_ipv6.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
tcpv6_offload.c
tunnel6.c
udp_impl.h ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
udp_offload.c tunneling: Add generic Tunnel segmentation. 2013-03-09 16:09:17 -05:00
udp.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
udplite.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c xfrm6: release dev before returning error 2013-05-11 17:40:15 -07:00
xfrm6_state.c
xfrm6_tunnel.c