Re: remove special ::1 ours check

2019-12-30 Thread Alexandr Nedvedicky
Hello,

On Tue, Dec 24, 2019 at 03:27:44PM +0100, Alexander Bluhm wrote:
> Hi,
> 
> The loopback check in ip6_input_if() seems needless.  The ::1
> destination address is in the routing table and will be identified
> as any other local address.  Better use the generic IP input path.
> I see no reason to handle ::1 source address special.  We do not
> have this check for IPv4.  Kame has removed it in this commit.
> 
> revision 1.189

> 
> ok?
> 

OK sashan



remove special ::1 ours check

2019-12-24 Thread Alexander Bluhm
Hi,

The loopback check in ip6_input_if() seems needless.  The ::1
destination address is in the routing table and will be identified
as any other local address.  Better use the generic IP input path.
I see no reason to handle ::1 source address special.  We do not
have this check for IPv4.  Kame has removed it in this commit.

revision 1.189
date: 2001/04/01 09:08:57;  author: jinmei;  state: Exp;  lines: +22 -23;
clarified goto-ours logic:

1. separated checks against spoofed ::1 src/dst from the goto-ours check.
   this also fixed a bug that the kernel accepted a packet with
   src=::1, dst=invalid, rcvif=lo0
   (you can test it by 'ping6 -S ::1 fe80::%lo0", where  is not an
interface ID of lo0)
2. (experimentally) omitted a special case for link-local destinations at a
   loopback interface.  I believe this is correct, because
   - we now have a host route for fe80::1%lo0, so we can accept a packet to
 the address using the generic logic.
   - we can reject packets to fe80::%lo0 ( != 1) by the check for
 the RTF_GATEWAY bit for rt_flags (ip6_input.c line 872).
   *** NOTE to developers:***
   this is the case for bsdi4, but please check it on other platforms.
   after the confirmation, I'll completely remove the part (currently, it's
   just escaped by '#ifdef 0')

ok?

bluhm

Index: netinet6/ip6_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_input.c,v
retrieving revision 1.221
diff -u -p -r1.221 ip6_input.c
--- netinet6/ip6_input.c8 Dec 2019 11:08:22 -   1.221
+++ netinet6/ip6_input.c23 Dec 2019 21:48:01 -
@@ -335,12 +335,6 @@ ip6_input_if(struct mbuf **mp, int *offp
goto bad;
}

-   if (IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src) ||
-   IN6_IS_ADDR_LOOPBACK(&ip6->ip6_dst)) {
-   nxt = ip6_ours(mp, offp, nxt, af);
-   goto out;
-   }
-
 #if NPF > 0
if (pf_ouraddr(m) == 1) {
nxt = ip6_ours(mp, offp, nxt, af);
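
Review bot: dropping the source-side test (`IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src)`) in the removed block changes behaviour, not just code path, and the commit message should say so. A packet with src=::1 and a non-local destination used to be handed straight to ip6_ours(); after this change it falls through to the pf_ouraddr() test and the generic input path, which is the case the quoted KAME log calls a bug (src=::1, dst=invalid, rcvif=lo0). The context above the hunk shows only `goto bad;`, so it is not visible here which earlier check still rejects ::1 addresses arriving on a non-loopback interface; please name that check in the commit message so the removal can be seen to be safe. A regress test built on the ping6 case from the KAME log would pin the new behaviour.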