CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]   2013/10/19 15:25:16

Modified files:
        sys/netinet6   : ip6_input.c route6.c 

Log message:
Our IPv6 stack was scanning all extension headers for routing header
type 0 and dropped the packet if it found one.  RFC 5095 demands
to handle a routing header type 0 like an unrecognised routing type.
This is enough to protect the own machine.

To protect a network as a firewall, we have pf which does the same
full scan in pf_walk_header6().  As pf is enabled by default, nothing
changes for most users.  If you turn off pf on your router, you
should not expect extra protection.

Get rid of the double scanning in ip6_input() and the older
disabled code in route6_input().  No more special treatment of
routing header type 0 in the IPv6 stack.

OK henning@ mikeb@
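
The rule the commit refers to, as an added example (not OpenBSD code and not part of this commit): a host that does not recognise a routing type skips the header when Segments Left is zero, and otherwise drops the packet with an ICMPv6 Parameter Problem pointing at the Routing Type field. All names and both sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this example; not identifiers from the OpenBSD tree. */
enum rh_verdict {
	RH_SKIP,	/* Segments Left == 0: ignore header, go on to next header */
	RH_PARAMPROB,	/* Segments Left != 0: drop, ICMPv6 Parameter Problem code 0 */
	RH_TRUNCATED	/* header does not fit in the packet: drop */
};

struct rh_result {
	enum rh_verdict verdict;
	uint8_t next_header;	/* RH_SKIP: protocol of the following header */
	size_t next_off;	/* RH_SKIP: offset of the following header */
	size_t pptr;		/* RH_PARAMPROB: offset of the Routing Type field */
};

/* Constructed samples: 40-byte IPv6 header, then a 24-byte type 0 routing header. */
static const uint8_t rh0_live[64] = {	/* Segments Left = 1 */
	[0] = 0x60, [5] = 24, [6] = 43, [40] = 59, [41] = 2, [42] = 0, [43] = 1 };
static const uint8_t rh0_spent[64] = {	/* Segments Left = 0 */
	[0] = 0x60, [5] = 24, [6] = 43, [40] = 59, [41] = 2, [42] = 0, [43] = 0 };

/*
 * buf starts at the IPv6 header; off is the offset of a routing header.
 * The Routing Type is deliberately not examined: type 0 gets the same
 * treatment as any type the host does not implement.
 */
struct rh_result
rh_unrecognised(const uint8_t *buf, size_t len, size_t off)
{
	struct rh_result r = { RH_TRUNCATED, 0, 0, 0 };
	size_t hlen;

	if (off > len || len - off < 8)
		return r;
	hlen = ((size_t)buf[off + 1] + 1) * 8;	/* Hdr Ext Len, 8-octet units */
	if (len - off < hlen)
		return r;
	if (buf[off + 3] != 0) {		/* Segments Left */
		r.verdict = RH_PARAMPROB;
		r.pptr = off + 2;		/* Routing Type */
		return r;
	}
	r.verdict = RH_SKIP;
	r.next_header = buf[off];
	r.next_off = off + hlen;
	return r;
}
```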
