After discussion with deraadt@ and Fernando Gont, it seems that the

stack should still scan for IPv6 type 0 routing headers.  There are
OpenBSD routers running without pf and there are plenty of legacy
implementations supporting RH0.

Bring back the function ip6_check_rh0hdr() that I removed a month
ago.  As an improvement to the prevoius solution, only scan the
header chain in ip6_input() if the packet has not been inspected
by pf.  Both implementations drop packets with RH0 anywhere in the
extension header chain.

OK mikeb@ henning@

0 files changed, 0 insertions, 0 deletions