map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4 93/24593/4
author Jon Loeliger <jdl@netgate.com>
Tue, 28 Jan 2020 13:30:28 +0000 (07:30 -0600)
committer Ole Trøan <otroan@employees.org>
Thu, 30 Jan 2020 11:05:35 +0000 (11:05 +0000)
commit 65866f03d96bd41b99b1c823ea6f38cd77fac58c
tree a1c63ac21b3549ba0160e313ecee6bc275ec71c0
parent 56817e2c486a26167783676774b0dea9c103b200
map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4

Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.

Add several tests that ensure spoofing isn't allowed.

Type: fix
Fixes: fc7344f9be

Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
src/plugins/map/ip6_map_t.c
src/plugins/map/test/test_map_br.py [new file with mode: 0644]
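
Added example, not code from this commit or from VPP: one way a border relay can test that an IPv6 source belongs to a known MAP domain and that the IPv4 address and port set embedded in it are the ones the domain's rule produces (address layout per RFC 7597). The `map_rule` struct, `map_src_consistent` and the sample values are assumptions made for illustration; the rule prefix plus EA bits are assumed to fit in the upper 64 bits.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical rule record for one MAP domain (not VPP's own structure). */
struct map_rule {
    uint64_t ip6_prefix;  /* upper 64 bits of the rule IPv6 prefix */
    uint8_t  ip6_len;     /* rule IPv6 prefix length, 1..64 */
    uint32_t ip4_prefix;  /* rule IPv4 prefix, host byte order */
    uint8_t  ip4_len;     /* rule IPv4 prefix length, 0..32 */
    uint8_t  ea_len;      /* EA bits: IPv4 suffix followed by PSID */
    uint8_t  psid_offset; /* port bits that precede the PSID */
};

/* True only if the IPv6 source (src_hi:src_lo, host order) and source port
 * are what this rule derives from the IPv4 address embedded in the source. */
bool map_src_consistent(const struct map_rule *r, uint64_t src_hi,
                        uint64_t src_lo, uint16_t port)
{
    unsigned p = 32u - r->ip4_len;           /* IPv4 suffix bits */
    unsigned q = r->ea_len - p;              /* PSID bits */
    if (r->ip6_len == 0 || r->ip4_len > 32 || r->ea_len < p ||
        r->ip6_len + r->ea_len > 64 || q + r->psid_offset > 16)
        return false;                        /* layout outside this sketch */
    uint64_t m6 = ~0ULL << (64 - r->ip6_len);
    uint64_t ea = (src_hi >> (64 - r->ip6_len - r->ea_len)) &
                  ((1ULL << r->ea_len) - 1);
    uint32_t ip4 = (uint32_t)(src_lo >> 16); /* interface-ID bits 16..47 */
    uint32_t m4 = r->ip4_len ? ~0u << (32 - r->ip4_len) : 0;
    uint32_t psid = (uint32_t)(ea & ((1ULL << q) - 1));

    if ((src_hi & m6) != (r->ip6_prefix & m6)) return false; /* other domain */
    if (src_lo >> 48)                          return false; /* pad not zero */
    if ((ip4 & m4) != (r->ip4_prefix & m4))    return false; /* foreign IPv4 */
    if ((ea >> q) != (ip4 & ~m4))              return false; /* wrong suffix */
    if ((src_lo & 0xffff) != psid)             return false; /* wrong PSID */
    return ((port >> (16 - r->psid_offset - q)) & ((1u << q) - 1)) == psid;
}

int main(void)
{
    /* Constructed sample: 2001:db8::/40 + 192.0.2.0/24, 16 EA bits, offset 6.
     * Genuine source 2001:db8:12:3400:0:c000:212:34 embeds 192.0.2.18. */
    struct map_rule r = { 0x20010db800000000ULL, 40, 0xc0000200u, 24, 16, 6 };
    uint64_t hi = 0x20010db800123400ULL;
    bool ok  = map_src_consistent(&r, hi, 0x0000c00002120034ULL, 1232);
    bool bad = map_src_consistent(&r, hi, 0x0000c00002630034ULL, 1232);
    return (ok && !bad) ? 0 : 1;   /* bad: claims 192.0.2.99 */
}
```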