CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2011/08/04 10:40:08
Modified files:
sys/netinet6 : ip6_input.c
Log message:
Move the check that ::1 is not allowed from the wire before pf_test().
Otherwise pf could reroute or redirect such a packet. KAME moved
it in rev 1.189 of their ip6_input.c. This also allows rdr or nat
to ::1 in pf.
bug report and test camield@
ok mikeb@; go for it deraadt@
