Displaying 1 result from an estimated 1 matches for "find_best_ips_proto".
2019 Jun 08
2
[Bug 1342] New: IPv6 NAT translates to addresses outside of specified range
...Reporter: zrm at trustiosity.com
Take a rule like this:
ip6tables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
1000::1:ffff:ffff-1000::2:0:0
The kernel was then observed choosing the address 1000::2:ffff:ffff as the
translation, which is outside the specified range.
This is the code in find_best_ips_proto() in nf_nat_core.c. It assumes that in
each u32 of the IPv6 address, the minimum value is not larger than the maximum,
even though that is only required for the most significant u32 of the address.
It also assumes the minimum will be zero (full_range) whenever the previously
chosen u32 was not the...