On 06/05/16(Fri) 14:22, Stuart Henderson wrote:
> On 2016/05/06 15:05, Martin Pieuchot wrote:
> > This looks like a bad merge from 2000s.  This check is present twice in
> > ip6_input(), so let's remove the late one, ok?
> > 
> > Index: netinet6/ip6_input.c
> > ===================================================================
> > RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
> > retrieving revision 1.158
> > diff -u -p -r1.158 ip6_input.c
> > --- netinet6/ip6_input.c    19 Apr 2016 08:23:13 -0000      1.158
> > +++ netinet6/ip6_input.c    6 May 2016 13:01:34 -0000
> > @@ -600,21 +600,6 @@ ip6_input(struct mbuf *m)
> >     ip6 = mtod(m, struct ip6_hdr *);
> 
> OK, but I believe you can also remove this mtod.

Thanks for checking!

I left it for the moment.  I know this has been introduced in the same
commit but I believe some code executed before relies on this.

I have *a lot* of upcoming refactoring for ip6_input() to be able to
only grab the KERNEL_LOCK for locally delivered packets so this will be
addressed along the way.

> >     /*
> > -    * Malicious party may be able to use IPv4 mapped addr to confuse
> > -    * tcp/udp stack and bypass security checks (act as if it was from
> > -    * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1).  Be cautious.
> > -    *
> > -    * For SIIT end node behavior, you may want to disable the check.
> > -    * However, you will  become vulnerable to attacks using IPv4 mapped
> > -    * source.
> > -    */
> > -   if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
> > -       IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
> > -           ip6stat.ip6s_badscope++;
> > -           goto bad;
> > -   }
> > -
> > -   /*
> >      * Tell launch routine the next header
> >      */
> >     ip6stat.ip6s_delivered++;
> > 
> 
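
Review bot: the earlier copy of the IN6_IS_ADDR_V4MAPPED test that justifies deleting this block is not visible in the hunk, so the commit message should say where in ip6_input() the surviving check sits and confirm that it covers both ip6_src and ip6_dst and still increments ip6stat.ip6s_badscope before dropping. The `ip6 = mtod(m, struct ip6_hdr *)` refetch kept as context just above the deleted block implies the mbuf may have changed since the header was first read, so it is worth stating that nothing between the early check and this point can alter the addresses. If the comment explaining the `::ffff:127.0.0.1` source spoofing risk exists only here, move it to the surviving check rather than dropping it.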
