[Bug 1730] nft does not handle IPv6 addresses with embedded IPv4 addresses
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Sat Jan 6 20:02:19 CET 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1730
Eric Fahlgren <evil.function at proton.me> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |evil.function at proton.me
--- Comment #1 from Eric Fahlgren <evil.function at proton.me> ---
Playing with this, I found that IPv4-mapped unicast addresses work as expected.
This particular address format is somehow getting past the parser, so it must
be seeing some special casing somewhere.
(I'm also running v1.0.9.)
$ nft insert rule ip6 test6 test6 ip6 saddr ::ffff:10.0.0.1 log
$ nft list table ip6 test6
table ip6 test6 {
chain test6 {
type filter hook prerouting priority filter; policy accept;
ip6 saddr ::ffff:10.0.0.1 log
}
}
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240106/7cb1f675/attachment.html>
More information about the netfilter-buglog
mailing list