Page MenuHomeFreeBSD

ip6_input: remove redundant v4mapped check
ClosedPublic

Authored by bz on Wed, Nov 20, 6:32 PM.

Details

Summary

In ip6_input() we apply the same v4mapped address check twice. The only
case which skipps the first one is M_FASTFWD_OURS which should have passed
the check on the firstinput pass and passed the firewall.
Remove the 2nd redundant check.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

bz created this revision.Wed, Nov 20, 6:32 PM
melifaro accepted this revision.Mon, Dec 2, 7:29 PM
melifaro added a subscriber: melifaro.

LGTM.

Just for the logging purposes, the timeline looked like this:

  1. 21 Dec 1999: Introduction of the first block "be paranoid about malicious use of v4 mapped addr on v6 packet.)"
  2. 21 Mar 2000: Disable block1 "remove strong check against IPv4 compatible address. this (wrongly) forbids RFC1933 relaying case.."
  3. 28 Mar 2000: Move block1 to block2 "SIIT assumes that routers forward native IPv6 packet with IPv4 mapped address just like for normal packets. move IPv4 mapped address src/dst check downwards."
  4. 26 Jul 2000: Add block1 back "reject IPv6 traffic, with IPv4 mapped address in the header. the code was removed once, but in a second thought, it makes more sense as we cannot live in SIIT environment anyways. see comments for detail."

Btw, don't we want to update block1 comments as well?
"This check chokes if we are in an SIIT cloud. As none of BSDs support IPv4-less kernel compilation, ..." ? :-)

This revision is now accepted and ready to land.Mon, Dec 2, 7:29 PM
kp accepted this revision.Tue, Dec 3, 4:19 AM
This revision was automatically updated to reflect the committed changes.