[BACK]Return to ip6_input.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / sys / netinet6

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet6/ip6_input.c between version 1.24 and 1.25

version 1.24, 2000/07/02 09:56:39 version 1.25, 2000/07/06 12:36:19
Line 446  ip6_input(m)
Line 446  ip6_input(m)
             (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&              (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&
             IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,              IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
                                &ip6_forward_rt.ro_dst.sin6_addr))                                 &ip6_forward_rt.ro_dst.sin6_addr))
                 ; /* cache hit */                  ip6stat.ip6s_forward_cachehit++;
         else {          else {
                 if (ip6_forward_rt.ro_rt) {                  if (ip6_forward_rt.ro_rt) {
                         /* route is down or destination is different */                          /* route is down or destination is different */
                           ip6stat.ip6s_forward_cachemiss++;
                         RTFREE(ip6_forward_rt.ro_rt);                          RTFREE(ip6_forward_rt.ro_rt);
                         ip6_forward_rt.ro_rt = 0;                          ip6_forward_rt.ro_rt = 0;
                 }                  }
Line 665  ip6_input(m)
Line 666  ip6_input(m)
                 return;                  return;
         }          }
   
           ip6 = mtod(m, struct ip6_hdr *);
   
           /*
            * Malicious party may be able to use IPv4 mapped addr to confuse
            * tcp/udp stack and bypass security checks (act as if it was from
            * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1).  Be cautious.
            *
            * For SIIT end node behavior, you may want to disable the check.
            * However, you will  become vulnerable to attacks using IPv4 mapped
            * source.
            */
           if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
               IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
                   ip6stat.ip6s_badscope++;
                   in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
                   goto bad;
           }
   
         /*          /*
          * Tell launch routine the next header           * Tell launch routine the next header
          */           */

Legend:
Removed from v.1.24  
changed lines
  Added in v.1.25

CVSweb <webmaster@jp.NetBSD.org>