version 1.23, 2000/06/28 03:04:03 |
version 1.25, 2000/07/06 12:36:19 |
|
|
/* $NetBSD$ */ |
/* $NetBSD$ */ |
/* $KAME: ip6_input.c,v 1.94 2000/06/13 10:06:19 jinmei Exp $ */ |
/* $KAME: ip6_input.c,v 1.95 2000/07/02 07:49:37 jinmei Exp $ */ |
|
|
/* |
/* |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
|
|
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && |
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && |
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
&ip6_forward_rt.ro_dst.sin6_addr)) |
&ip6_forward_rt.ro_dst.sin6_addr)) |
; /* cache hit */ |
ip6stat.ip6s_forward_cachehit++; |
else { |
else { |
if (ip6_forward_rt.ro_rt) { |
if (ip6_forward_rt.ro_rt) { |
/* route is down or destination is different */ |
/* route is down or destination is different */ |
|
ip6stat.ip6s_forward_cachemiss++; |
RTFREE(ip6_forward_rt.ro_rt); |
RTFREE(ip6_forward_rt.ro_rt); |
ip6_forward_rt.ro_rt = 0; |
ip6_forward_rt.ro_rt = 0; |
} |
} |
|
|
ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { |
ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { |
struct in6_ifaddr *ia6 = |
struct in6_ifaddr *ia6 = |
(struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa; |
(struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa; |
/* packet to tentative address must not be received */ |
|
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
m->m_flags |= M_ANYCAST6; |
m->m_flags |= M_ANYCAST6; |
|
/* |
|
* packets to a tentative, duplicated, or somehow invalid |
|
* address must not be accepted. |
|
*/ |
if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { |
if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { |
/* this interface is ready */ |
/* this address is ready */ |
ours = 1; |
ours = 1; |
deliverifp = ia6->ia_ifp; /* correct? */ |
deliverifp = ia6->ia_ifp; /* correct? */ |
goto hbhcheck; |
goto hbhcheck; |
} else { |
} else { |
/* this interface is not ready, fall through */ |
/* address is not ready, so discard the packet. */ |
|
log(LOG_INFO, |
|
"ip6_input: packet to an unready address %s->%s", |
|
ip6_sprintf(&ip6->ip6_src), |
|
ip6_sprintf(&ip6->ip6_dst)); |
|
|
|
goto bad; |
} |
} |
} |
} |
|
|
|
|
return; |
return; |
} |
} |
|
|
|
ip6 = mtod(m, struct ip6_hdr *); |
|
|
|
/* |
|
* Malicious party may be able to use IPv4 mapped addr to confuse |
|
* tcp/udp stack and bypass security checks (act as if it was from |
|
* 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* For SIIT end node behavior, you may want to disable the check. |
|
* However, you will become vulnerable to attacks using IPv4 mapped |
|
* source. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
ip6stat.ip6s_badscope++; |
|
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
|
/* |
/* |
* Tell launch routine the next header |
* Tell launch routine the next header |
*/ |
*/ |