6to4: don't start if detected local IPv4 address is RFC1918, allows people to deploy firmwares with 6to4 enabled by default

SVN-Revision: 27160

2 files changed, 16 insertions, 2 deletions

diff --git a/package/6to4/Makefile b/package/6to4/Makefile
index c106570118..a6f3315a4a 100644
--- a/package/6to4/Makefile
+++ b/package/6to4/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=6to4
-PKG_VERSION:=3
+PKG_VERSION:=4
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/6to4/files/6to4.sh b/package/6to4/files/6to4.sh
index 65f4ffa5c2..6e85914b43 100755
--- a/package/6to4/files/6to4.sh
+++ b/package/6to4/files/6to4.sh
@@ -1,5 +1,5 @@
 # 6to4.sh - IPv6-in-IPv4 tunnel backend
-# Copyright (c) 2010 OpenWrt.org
+# Copyright (c) 2010-2011 OpenWrt.org
 
 find_6to4_wanif() {
 	local if=$(ip -4 r l e 0.0.0.0/0); if="${if#default* dev }"; if="${if%% *}"
@@ -18,6 +18,15 @@ find_6to4_prefix() {
 	printf "2002:%02x%02x:%02x%02x\n" $1 $2 $3 $4
 }
 
+test_6to4_rfc1918()
+{
+	local oIFS="$IFS"; IFS="."; set -- $1; IFS="$oIFS"
+	[ $1 -eq  10 ] && return 0
+	[ $1 -eq 192 ] && [ $2 -eq 168 ] && return 0
+	[ $1 -eq 172 ] && [ $2 -ge  16 ] && [ $2 -le  31 ] && return 0
+	return 1
+}
+
 set_6to4_radvd_interface() {
 	local cfgid="$1"
 	local lanif="${2:-lan}"
@@ -136,6 +145,11 @@ setup_interface_6to4() {
 		}
 	}
 
+	test_6to4_rfc1918 "$local4" && {
+		logger -t "$link" "Local wan ip $local4 is private - aborting"
+		return
+	}
+
 	[ -n "$local4" ] && {
 		logger -t "$link" "Starting ..."