diff options
author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2016-05-07 09:58:07 +0000 |
---|---|---|
committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2016-05-07 09:58:07 +0000 |
commit | deb9d696f2eef0e3df4a0f7d3d476002595e6165 (patch) | |
tree | 5e786c1e99736876b1886d0e8ed6c5ea1d33e76b | |
parent | fce62e1ee07a462882c78467665644345245a7ae (diff) |
Remove duplicate check.
ok sthen@, visa@
-rw-r--r-- | sys/netinet6/ip6_input.c | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index e9d318cf489..fa856e7ebac 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.158 2016/04/19 08:23:13 mpi Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.159 2016/05/07 09:58:06 mpi Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -600,21 +600,6 @@ ip6_input(struct mbuf *m) ip6 = mtod(m, struct ip6_hdr *); /* - * Malicious party may be able to use IPv4 mapped addr to confuse - * tcp/udp stack and bypass security checks (act as if it was from - * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. - * - * For SIIT end node behavior, you may want to disable the check. - * However, you will become vulnerable to attacks using IPv4 mapped - * source. - */ - if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || - IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { - ip6stat.ip6s_badscope++; - goto bad; - } - - /* * Tell launch routine the next header */ ip6stat.ip6s_delivered++; |