From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Thu, 27 Jun 2013 20:46:04 +0000 (+0200)
Subject: ipv6: only apply anti-spoofing checks to not-pointopoint tunnels
X-Git-Tag: v3.11-rc1~64^2~77
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=5c29fb12e8fb8a8105ea048cb160fd79a85a52bb;p=linux.git

ipv6: only apply anti-spoofing checks to not-pointopoint tunnels

Because of commit 218774dc341f219bfcf940304a081b121a0e8099 ("ipv6: add
anti-spoofing checks for 6to4 and 6rd") the sit driver dropped packets
for 2002::/16 destinations and sources even when configured to work as a
tunnel with fixed endpoint. We may only apply the 6rd/6to4 anti-spoofing
checks if the device is not in pointopoint mode.

This was an oversight from me in the above commit, sorry.  Thanks to
Roman Mamedov for reporting this!

Reported-by: Roman Mamedov <rm@romanrm.ru>
Cc: David Miller <davem@davemloft.net>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 97a0bfe2c293..85ff37b1ce02 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -593,7 +593,7 @@ static int ipip6_rcv(struct sk_buff *skb)
 				tunnel->dev->stats.rx_errors++;
 				goto out;
 			}
-		} else {
+		} else if (!(tunnel->dev->flags&IFF_POINTOPOINT)) {
 			if (is_spoofed_6rd(tunnel, iph->saddr,
 					   &ipv6_hdr(skb)->saddr) ||
 			    is_spoofed_6rd(tunnel, iph->daddr,