[BACK]Return to ip6_input.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / sys / netinet6

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet6/ip6_input.c between version 1.23 and 1.25

version 1.23, 2000/06/28 03:04:03 version 1.25, 2000/07/06 12:36:19
Line 1 
Line 1 
 /*      $NetBSD$        */  /*      $NetBSD$        */
 /*      $KAME: ip6_input.c,v 1.94 2000/06/13 10:06:19 jinmei Exp $      */  /*      $KAME: ip6_input.c,v 1.95 2000/07/02 07:49:37 jinmei Exp $      */
   
 /*  /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.   * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
Line 446  ip6_input(m)
Line 446  ip6_input(m)
             (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&              (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&
             IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,              IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
                                &ip6_forward_rt.ro_dst.sin6_addr))                                 &ip6_forward_rt.ro_dst.sin6_addr))
                 ; /* cache hit */                  ip6stat.ip6s_forward_cachehit++;
         else {          else {
                 if (ip6_forward_rt.ro_rt) {                  if (ip6_forward_rt.ro_rt) {
                         /* route is down or destination is different */                          /* route is down or destination is different */
                           ip6stat.ip6s_forward_cachemiss++;
                         RTFREE(ip6_forward_rt.ro_rt);                          RTFREE(ip6_forward_rt.ro_rt);
                         ip6_forward_rt.ro_rt = 0;                          ip6_forward_rt.ro_rt = 0;
                 }                  }
Line 488  ip6_input(m)
Line 489  ip6_input(m)
             ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) {              ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) {
                 struct in6_ifaddr *ia6 =                  struct in6_ifaddr *ia6 =
                         (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa;                          (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa;
                 /* packet to tentative address must not be received */  
                 if (ia6->ia6_flags & IN6_IFF_ANYCAST)                  if (ia6->ia6_flags & IN6_IFF_ANYCAST)
                         m->m_flags |= M_ANYCAST6;                          m->m_flags |= M_ANYCAST6;
                   /*
                    * packets to a tentative, duplicated, or somehow invalid
                    * address must not be accepted.
                    */
                 if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) {                  if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) {
                         /* this interface is ready */                          /* this address is ready */
                         ours = 1;                          ours = 1;
                         deliverifp = ia6->ia_ifp;       /* correct? */                          deliverifp = ia6->ia_ifp;       /* correct? */
                         goto hbhcheck;                          goto hbhcheck;
                 } else {                  } else {
                         /* this interface is not ready, fall through */                          /* address is not ready, so discard the packet. */
                           log(LOG_INFO,
                               "ip6_input: packet to an unready address %s->%s",
                               ip6_sprintf(&ip6->ip6_src),
                               ip6_sprintf(&ip6->ip6_dst));
   
                           goto bad;
                 }                  }
         }          }
   
Line 656  ip6_input(m)
Line 666  ip6_input(m)
                 return;                  return;
         }          }
   
           ip6 = mtod(m, struct ip6_hdr *);
   
           /*
            * Malicious party may be able to use IPv4 mapped addr to confuse
            * tcp/udp stack and bypass security checks (act as if it was from
            * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1).  Be cautious.
            *
            * For SIIT end node behavior, you may want to disable the check.
            * However, you will  become vulnerable to attacks using IPv4 mapped
            * source.
            */
           if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
               IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
                   ip6stat.ip6s_badscope++;
                   in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
                   goto bad;
           }
   
         /*          /*
          * Tell launch routine the next header           * Tell launch routine the next header
          */           */

Legend:
Removed from v.1.23  
changed lines
  Added in v.1.25

CVSweb <webmaster@jp.NetBSD.org>