diff options
author | Jon Loeliger <jdl@netgate.com> | 2020-01-28 07:30:28 -0600 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2020-01-30 11:05:35 +0000 |
commit | 65866f03d96bd41b99b1c823ea6f38cd77fac58c (patch) | |
tree | a1c63ac21b3549ba0160e313ecee6bc275ec71c0 /src/plugins/ikev2 | |
parent | 56817e2c486a26167783676774b0dea9c103b200 (diff) |
map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4
Prevent malicious packets with spoofed embedded IPv4 addresses
by limiting the IPv6 ingress packets to known MAP-T domains.
Drop spoofed packets.
Add several tests that ensure spoofing isn't allowed.
Type: fix
Fixes: fc7344f9be
Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2
Signed-off-by: Jon Loeliger <jdl@netgate.com>
Diffstat (limited to 'src/plugins/ikev2')
0 files changed, 0 insertions, 0 deletions