diff options
Diffstat (limited to 'sys/netinet6')
-rw-r--r-- | sys/netinet6/ip6_input.c | 80 | ||||
-rw-r--r-- | sys/netinet6/route6.c | 123 |
2 files changed, 5 insertions, 198 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index be34304d7c9..d8915befeb9 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.115 2013/10/17 16:27:46 bluhm Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.116 2013/10/19 21:25:15 bluhm Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -122,7 +122,6 @@ struct ifqueue ip6intrq; struct ip6stat ip6stat; void ip6_init2(void *); -int ip6_check_rh0hdr(struct mbuf *, int *); int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); @@ -318,15 +317,6 @@ ip6_input(struct mbuf *m) } #endif - if (ip6_check_rh0hdr(m, &off)) { - ip6stat.ip6s_badoptions++; - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); - icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, off); - /* m is already freed */ - return; - } - #if NPF > 0 /* * Packet filter @@ -707,74 +697,6 @@ ip6_input(struct mbuf *m) m_freem(m); } -/* scan packet for RH0 routing header. Mostly stolen from pf.c:pf_test() */ -int -ip6_check_rh0hdr(struct mbuf *m, int *offp) -{ - struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); - struct ip6_rthdr rthdr; - struct ip6_ext opt6; - u_int8_t proto = ip6->ip6_nxt; - int done = 0, lim, off, rh_cnt = 0; - - off = ((caddr_t)ip6 - m->m_data) + sizeof(struct ip6_hdr); - lim = min(m->m_pkthdr.len, ntohs(ip6->ip6_plen) + sizeof(*ip6)); - do { - switch (proto) { - case IPPROTO_ROUTING: - *offp = off; - if (rh_cnt++) { - /* more then one rh header present */ - return (1); - } - - if (off + sizeof(rthdr) > lim) { - /* packet to short to make sense */ - return (1); - } - - m_copydata(m, off, sizeof(rthdr), (caddr_t)&rthdr); - - if (rthdr.ip6r_type == IPV6_RTHDR_TYPE_0) { - *offp += offsetof(struct ip6_rthdr, ip6r_type); - return (1); - } - - off += (rthdr.ip6r_len + 1) * 8; - proto = rthdr.ip6r_nxt; - break; - case IPPROTO_AH: - case IPPROTO_HOPOPTS: - case IPPROTO_DSTOPTS: - /* get next header and header length */ - if (off + sizeof(opt6) > lim) { - /* - * Packet to short to make sense, we could - * reject the packet but as a router we - * should not do that so forward it. - */ - return (0); - } - - m_copydata(m, off, sizeof(opt6), (caddr_t)&opt6); - - if (proto == IPPROTO_AH) - off += (opt6.ip6e_len + 2) * 4; - else - off += (opt6.ip6e_len + 1) * 8; - proto = opt6.ip6e_nxt; - break; - case IPPROTO_FRAGMENT: - default: - /* end of header stack */ - done = 1; - break; - } - } while (!done); - - return (0); -} - /* * Hop-by-Hop options header processing. If a valid jumbo payload option is * included, the real payload length will be stored in plenp. diff --git a/sys/netinet6/route6.c b/sys/netinet6/route6.c index 62aa3de5b1f..d129046b700 100644 --- a/sys/netinet6/route6.c +++ b/sys/netinet6/route6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route6.c,v 1.17 2008/06/11 19:00:50 mcbride Exp $ */ +/* $OpenBSD: route6.c,v 1.18 2013/10/19 21:25:15 bluhm Exp $ */ /* $KAME: route6.c,v 1.22 2000/12/03 00:54:00 itojun Exp $ */ /* @@ -44,10 +44,6 @@ #include <netinet/icmp6.h> -#if 0 -static int ip6_rthdr0(struct mbuf *, struct ip6_hdr *, struct ip6_rthdr0 *); -#endif - /* * proto is unused */ @@ -68,43 +64,12 @@ route6_input(struct mbuf **mp, int *offp, int proto) } switch (rh->ip6r_type) { -#if 0 - /* - * See http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf - * for why IPV6_RTHDR_TYPE_0 is banned here. - * - * We return ICMPv6 parameter problem so that innocent people - * (not an attacker) would notice about the use of IPV6_RTHDR_TYPE_0. - * Since there's no amplification, and ICMPv6 error will be rate- - * controlled, it shouldn't cause any problem. - * If you are concerned about this, you may want to use the following - * code fragment: - * - * case IPV6_RTHDR_TYPE_0: - * m_freem(m); - * return (IPPROTO_DONE); - */ case IPV6_RTHDR_TYPE_0: - rhlen = (rh->ip6r_len + 1) << 3; - if (rh->ip6r_segleft == 0) - break; /* Final dst. Just ignore the header. */ /* - * note on option length: - * maximum rhlen: 2048 - * max mbuf m_pulldown can handle: MCLBYTES == usually 2048 - * so, here we are assuming that m_pulldown can handle - * rhlen == 2048 case. this may not be a good thing to - * assume - we may want to avoid pulling it up altogether. + * RFC 5095 specifies to handle routing header type 0 + * the same way as an unrecognised routing type. */ - IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen); - if (rh == NULL) { - ip6stat.ip6s_tooshort++; - return IPPROTO_DONE; - } - if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh)) - return (IPPROTO_DONE); - break; -#endif + /* FALLTHROUGH */ default: /* unknown routing type */ if (rh->ip6r_segleft == 0) { @@ -120,83 +85,3 @@ route6_input(struct mbuf **mp, int *offp, int proto) *offp += rhlen; return (rh->ip6r_nxt); } - -#if 0 -/* - * Type0 routing header processing - * - * RFC2292 backward compatibility warning: no support for strict/loose bitmap, - * as it was dropped between RFC1883 and RFC2460. - */ -static int -ip6_rthdr0(struct mbuf *m, struct ip6_hdr *ip6, struct ip6_rthdr0 *rh0) -{ - int addrs, index; - struct in6_addr *nextaddr, tmpaddr; - - if (rh0->ip6r0_segleft == 0) - return (0); - - if (rh0->ip6r0_len % 2) { - /* - * Type 0 routing header can't contain more than 23 addresses. - * RFC 2460: this limitation was removed since strict/loose - * bitmap field was deleted. - */ - ip6stat.ip6s_badoptions++; - icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, - (caddr_t)&rh0->ip6r0_len - (caddr_t)ip6); - return (-1); - } - - if ((addrs = rh0->ip6r0_len / 2) < rh0->ip6r0_segleft) { - ip6stat.ip6s_badoptions++; - icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, - (caddr_t)&rh0->ip6r0_segleft - (caddr_t)ip6); - return (-1); - } - - index = addrs - rh0->ip6r0_segleft; - rh0->ip6r0_segleft--; - nextaddr = ((struct in6_addr *)(rh0 + 1)) + index; - - /* - * reject invalid addresses. be proactive about malicious use of - * IPv4 mapped/compat address. - * XXX need more checks? - */ - if (IN6_IS_ADDR_MULTICAST(nextaddr) || - IN6_IS_ADDR_UNSPECIFIED(nextaddr) || - IN6_IS_ADDR_V4MAPPED(nextaddr) || - IN6_IS_ADDR_V4COMPAT(nextaddr)) { - ip6stat.ip6s_badoptions++; - goto bad; - } - if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || - IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst) || - IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst) || - IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { - ip6stat.ip6s_badoptions++; - goto bad; - } - - /* - * Swap the IPv6 destination address and nextaddr. Forward the packet. - */ - tmpaddr = *nextaddr; - *nextaddr = ip6->ip6_dst; - if (IN6_IS_ADDR_LINKLOCAL(nextaddr)) - nextaddr->s6_addr16[1] = 0; - ip6->ip6_dst = tmpaddr; - if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) - ip6->ip6_dst.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index); - - ip6_forward(m, 1); - - return (-1); /* m would be freed in ip6_forward() */ - - bad: - m_freem(m); - return (-1); -} -#endif |