ipv6 mapped address input

Fri, 05 May 2017 08:32:37 -0700 

Hi,

Checking for IPv6 mapped IPv4 addreses is the task of ip6_input().
Doing it again in the protocol input functions gains nothing.

ok to remove the double check?

bluhm

Index: netinet/tcp_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.343
diff -u -p -r1.343 tcp_input.c
--- netinet/tcp_input.c 4 May 2017 17:58:46 -0000       1.343
+++ netinet/tcp_input.c 5 May 2017 15:16:37 -0000
@@ -424,13 +424,6 @@ tcp_input(struct mbuf **mp, int *offp, i
                iptos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
 #endif
 
-               /* Be proactive about malicious use of IPv4 mapped address */
-               if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
-                   IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
-                       /* XXX stat */
-                       goto drop;
-               }
-
                /*
                 * Be proactive about unspecified IPv6 address in source.
                 * As we use all-zero to indicate unbounded/unconnected pcb,
Index: netinet/udp_usrreq.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.236
diff -u -p -r1.236 udp_usrreq.c
--- netinet/udp_usrreq.c        4 May 2017 17:58:46 -0000       1.236
+++ netinet/udp_usrreq.c        5 May 2017 15:19:59 -0000
@@ -225,12 +225,6 @@ udp_input(struct mbuf **mp, int *offp, i
                        goto bad;
                }
                ip6 = mtod(m, struct ip6_hdr *);
-               /* Be proactive about malicious use of IPv4 mapped address */
-               if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
-                   IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
-                       /* XXX stat */
-                       goto bad;
-               }
                break;
 #endif /* INET6 */
        default:
Index: netinet6/raw_ip6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.111
diff -u -p -r1.111 raw_ip6.c
--- netinet6/raw_ip6.c  19 Apr 2017 15:44:45 -0000      1.111
+++ netinet6/raw_ip6.c  5 May 2017 15:24:10 -0000
@@ -130,14 +130,6 @@ rip6_input(struct mbuf **mp, int *offp, 
        if (proto != IPPROTO_ICMPV6)
                rip6stat_inc(rip6s_ipackets);
 
-       /* Be proactive about malicious use of IPv4 mapped address */
-       if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
-           IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
-               /* XXX stat */
-               m_freem(m);
-               return IPPROTO_DONE;
-       }
-
        bzero(&rip6src, sizeof(rip6src));
        rip6src.sin6_len = sizeof(struct sockaddr_in6);
        rip6src.sin6_family = AF_INET6;

Reply via email to