In ip6_input() we apply the same v4mapped address check twice. The only
case which skipps the first one is M_FASTFWD_OURS which should have passed
the check on the firstinput pass and passed the firewall.
Remove the 2nd redundant check.
Details
Details
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
No Lint Coverage - Unit
No Test Coverage - Build Status
Buildable 27660 Build 25864: arc lint + arc unit
Event Timeline
Comment Actions
LGTM.
Just for the logging purposes, the timeline looked like this:
- 21 Dec 1999: Introduction of the first block "be paranoid about malicious use of v4 mapped addr on v6 packet.)"
- 21 Mar 2000: Disable block1 "remove strong check against IPv4 compatible address. this (wrongly) forbids RFC1933 relaying case.."
- 28 Mar 2000: Move block1 to block2 "SIIT assumes that routers forward native IPv6 packet with IPv4 mapped address just like for normal packets. move IPv4 mapped address src/dst check downwards."
- 26 Jul 2000: Add block1 back "reject IPv6 traffic, with IPv4 mapped address in the header. the code was removed once, but in a second thought, it makes more sense as we cannot live in SIIT environment anyways. see comments for detail."
Btw, don't we want to update block1 comments as well?
"This check chokes if we are in an SIIT cloud. As none of BSDs support IPv4-less kernel compilation, ..." ? :-)