6to4, stf and shoebox NAT routers
Nick Sayer
nsayer at kfu.com
Fri Mar 11 15:07:22 PST 2005
Turns out there is also a check in stf_output that I need to neuter for
this configuration. Attached is a revised patch.
-------------- next part --------------
--- net/if_stf.c.orig Thu Jul 15 01:26:06 2004
+++ net/if_stf.c Fri Mar 11 15:05:52 2005
@@ -89,6 +89,7 @@
#include <sys/module.h>
#include <sys/protosw.h>
#include <sys/queue.h>
+#include <sys/sysctl.h>
#include <machine/cpu.h>
#include <sys/malloc.h>
@@ -183,6 +184,13 @@
struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0,
NULL, stf_clone_match, stf_clone_create, stf_clone_destroy);
+SYSCTL_DECL(_net_link);
+SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface");
+
+static int no_rfc1918check = 0;
+SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RW,
+ &no_rfc1918check, 0, "permit RFC-1918 addresses");
+
static int
stf_clone_match(struct if_clone *ifc, const char *name)
{
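Review bot: The new knob has no comment stating how far it reaches, and the description string "permit RFC-1918 addresses" undersells it. From the other hunks in this patch, a non-zero value makes isrfc1918addr() return 0 for every address and also skips the stf_getsrcifa6() failure check in stf_output(), for all stf interfaces at once. I would add above the variable `/* net.link.stf.permit_rfc1918: non-zero disables the RFC 1918 filter in isrfc1918addr() and the source-address check in stf_output(); global, default off. */`. The variable `no_rfc1918check` and the exported name `permit_rfc1918` also describe the same switch in two ways; one name for both would be easier to audit.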
@@ -455,11 +463,13 @@
* we shouldn't generate output. Without this check, we'll end up
* using wrong IPv4 source.
*/
- ia6 = stf_getsrcifa6(ifp);
- if (ia6 == NULL) {
- m_freem(m);
- ifp->if_oerrors++;
- return ENETDOWN;
+ if (!no_rfc1918check) {
+ ia6 = stf_getsrcifa6(ifp);
+ if (ia6 == NULL) {
+ m_freem(m);
+ ifp->if_oerrors++;
+ return ENETDOWN;
+ }
}
if (m->m_len < sizeof(*ip6)) {
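Review bot: With `no_rfc1918check` set, `ia6` is never assigned on this path, although the retained comment says this lookup is what keeps the IPv4 source correct. stf_output continues outside the hunk, so this cannot be confirmed from here, but if the rest of the function reads `ia6` (for example to fill in the outer IPv4 source) it would do so through an unset pointer in kernel context. It looks safer to keep `ia6 = stf_getsrcifa6(ifp);` unconditional and gate only the failure with `if (ia6 == NULL && !no_rfc1918check) {`. Every later use of `ia6` would then need a NULL guard.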
@@ -567,6 +577,9 @@
isrfc1918addr(in)
struct in_addr *in;
{
+ if (no_rfc1918check)
+ return 0;
+
/*
* returns 1 if private address range:
* 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
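Review bot: The early `return 0` at the top of isrfc1918addr() switches the filter off for every caller of the predicate, not only for the local-address case the description is about. The callers are outside this hunk; if the input-side address checks also go through this function, setting the sysctl would make the interface accept encapsulated traffic carrying private IPv4 addresses, which is the spoofing filter this predicate appears to exist for. Consider leaving the predicate unchanged and testing the flag only at the call site that handles the router's own address, in the form `if (!no_rfc1918check && isrfc1918addr(in))`. The function body continues past the end of the hunk.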