Difuse/routing
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nat46: Refuse link local address as implicit source in 464xlat

Browse source 
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This commit is contained in:
Hans Dedecker 2015-04-20 18:26:20 +02:00
parent b508f93679
commit 94c5d19efa
2 changed files with 31 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nat46/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=nat46 PKG_NAME:=nat46
PKG_VERSION:=3 PKG_VERSION:=4
PKG_RELEASE:=$(PKG_SOURCE_VERSION) PKG_RELEASE:=$(PKG_SOURCE_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz

40
nat46/src/464xlatcfg.c
View file

@ -71,19 +71,39 @@ int main(int argc, const char *argv[])
freeaddrinfo(res); freeaddrinfo(res);
} }
struct sockaddr_in6 saddr = {.sin6_family = AF_INET6, .sin6_addr = {{{0x20, 0x01, 0x0d, 0xb8}}}}; int i = 0;
socklen_t saddrlen = sizeof(saddr); int sock;
int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); struct sockaddr_in6 saddr;
struct icmp6_filter filt;
ICMP6_FILTER_SETBLOCKALL(&filt); do {
setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt)); socklen_t saddrlen = sizeof(saddr);
setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2])); struct icmp6_filter filt;
if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
getsockname(sock, (struct sockaddr*)&saddr, &saddrlen)) sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
return 3; ICMP6_FILTER_SETBLOCKALL(&filt);
setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]));
memset(&saddr, 0, sizeof(saddr));
saddr.sin6_family = AF_INET6;
saddr.sin6_addr.s6_addr32[0] = htonl(0x2001);
saddr.sin6_addr.s6_addr32[1] = htonl(0xdb8);
if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
getsockname(sock, (struct sockaddr*)&saddr, &saddrlen))
return 3;
if (!IN6_IS_ADDR_LINKLOCAL(&saddr.sin6_addr) || argv[5])
break;
close(sock);
sleep(3);
i++;
} while (i < 3);
struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])}; struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])};
if (!argv[5]) { if (!argv[5]) {
if (IN6_IS_ADDR_LINKLOCAL(&mreq.ipv6mr_multiaddr))
return 5;
srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^ srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^
mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]); mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]);
mreq.ipv6mr_multiaddr.s6_addr32[2] = random(); mreq.ipv6mr_multiaddr.s6_addr32[2] = random();