Page MenuHomeFreeBSD

ip6_input: remove redundant v4mapped check
ClosedPublic

Authored by bz on Nov 20 2019, 6:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 16, 9:56 AM
Unknown Object (File)
Tue, Nov 26, 1:12 AM
Unknown Object (File)
Oct 1 2024, 11:43 AM
Unknown Object (File)
Sep 24 2024, 9:27 AM
Unknown Object (File)
Sep 12 2024, 8:06 AM
Unknown Object (File)
Sep 9 2024, 1:48 PM
Unknown Object (File)
Sep 8 2024, 8:39 PM
Unknown Object (File)
Sep 8 2024, 1:56 PM

Details

Summary

In ip6_input() we apply the same v4mapped address check twice. The only
case which skipps the first one is M_FASTFWD_OURS which should have passed
the check on the firstinput pass and passed the firewall.
Remove the 2nd redundant check.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

melifaro added a subscriber: melifaro.

LGTM.

Just for the logging purposes, the timeline looked like this:

  1. 21 Dec 1999: Introduction of the first block "be paranoid about malicious use of v4 mapped addr on v6 packet.)"
  2. 21 Mar 2000: Disable block1 "remove strong check against IPv4 compatible address. this (wrongly) forbids RFC1933 relaying case.."
  3. 28 Mar 2000: Move block1 to block2 "SIIT assumes that routers forward native IPv6 packet with IPv4 mapped address just like for normal packets. move IPv4 mapped address src/dst check downwards."
  4. 26 Jul 2000: Add block1 back "reject IPv6 traffic, with IPv4 mapped address in the header. the code was removed once, but in a second thought, it makes more sense as we cannot live in SIIT environment anyways. see comments for detail."

Btw, don't we want to update block1 comments as well?
"This check chokes if we are in an SIIT cloud. As none of BSDs support IPv4-less kernel compilation, ..." ? :-)

This revision is now accepted and ready to land.Dec 2 2019, 7:29 PM
This revision was automatically updated to reflect the committed changes.