Date: Fri, 11 Mar 2005 15:07:21 -0800 From: Nick Sayer <nsayer@kfu.com> To: freebsd-hackers@freebsd.org Subject: Re: 6to4, stf and shoebox NAT routers Message-ID: <423224A9.9010109@kfu.com> In-Reply-To: <4232198F.5030705@kfu.com> References: <4232198F.5030705@kfu.com>
[-- Attachment #1 --]
Turns out there is also a check in stf_output that I need to neuter for
this configuration. Attached is a revised patch.
[-- Attachment #2 --]
--- net/if_stf.c.orig Thu Jul 15 01:26:06 2004
+++ net/if_stf.c Fri Mar 11 15:05:52 2005
@@ -89,6 +89,7 @@
#include <sys/module.h>
#include <sys/protosw.h>
#include <sys/queue.h>
+#include <sys/sysctl.h>
#include <machine/cpu.h>
#include <sys/malloc.h>
@@ -183,6 +184,13 @@
struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0,
NULL, stf_clone_match, stf_clone_create, stf_clone_destroy);
+SYSCTL_DECL(_net_link);
+SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW, 0, "6to4 Interface");
+
+static int no_rfc1918check = 0;
+SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RW,
+ &no_rfc1918check, 0, "permit RFC-1918 addresses");
+
static int
stf_clone_match(struct if_clone *ifc, const char *name)
{
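Review bot: The sysctl text "permit RFC-1918 addresses" understates what the knob switches off, because `no_rfc1918check` gates both the early return added to isrfc1918addr() and the source-address test in stf_output() later in this patch. The variable and the OID also use opposite names (`no_rfc1918check` vs `permit_rfc1918`), which makes `if (!no_rfc1918check)` harder to read than it needs to be; one name such as `stf_permit_rfc1918` for both would help. The setting is a single global marked CTLFLAG_RW, so it applies to every stf interface at once. I would add a comment above the declaration, e.g. `/* Non-zero: private IPv4 addresses are accepted and stf_output() skips its source-address lookup; meant for hosts behind a NAT router. */`.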
@@ -455,11 +463,13 @@
* we shouldn't generate output. Without this check, we'll end up
* using wrong IPv4 source.
*/
- ia6 = stf_getsrcifa6(ifp);
- if (ia6 == NULL) {
- m_freem(m);
- ifp->if_oerrors++;
- return ENETDOWN;
+ if (!no_rfc1918check) {
+ ia6 = stf_getsrcifa6(ifp);
+ if (ia6 == NULL) {
+ m_freem(m);
+ ifp->if_oerrors++;
+ return ENETDOWN;
+ }
}
if (m->m_len < sizeof(*ip6)) {
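Review bot: Wrapping the whole lookup in `if (!no_rfc1918check)` skips the assignment `ia6 = stf_getsrcifa6(ifp);` as well as the NULL test, so with the sysctl set `ia6` keeps whatever value it had before this point. The rest of stf_output() is outside the hunk. If it reads `ia6` afterwards, as the comment's "wrong IPv4 source" suggests, that becomes an uninitialised or NULL pointer dereference in kernel context. It is safer to keep the lookup unconditional and gate only the failure: `ia6 = stf_getsrcifa6(ifp);` followed by `if (ia6 == NULL && !no_rfc1918check) {`. Any later use of `ia6` would then need an explicit NULL case, with the outer source address chosen some other way.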
@@ -567,6 +577,9 @@
isrfc1918addr(in)
struct in_addr *in;
{
+ if (no_rfc1918check)
+ return 0;
+
/*
* returns 1 if private address range:
* 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
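Review bot: The early `return 0` makes isrfc1918addr() report every address as public for all of its callers, not only for the local-address case the NAT setup needs. The callers are outside this hunk, but if the same helper validates the IPv4 addresses carried in received or encapsulated 6to4 packets, setting the sysctl would remove that filter too and let packets with private embedded addresses through. Consider applying the bypass at the call site that selects the local address instead. Otherwise, document here that the filter is disabled for every caller, e.g. `/* permit_rfc1918 disables this filter for all callers, including inbound address checks */`. The function body continues past the end of the hunk.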
