Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netinet6/ip6_input.c
| Show First 20 Lines • Show All 891 Lines • ▼ Show 20 Lines | if (ip6_mforward && ip6_mforward(ip6, rcvif, m)) { | ||||
| IP6STAT_INC(ip6s_cantforward); | IP6STAT_INC(ip6s_cantforward); | ||||
| goto bad; | goto bad; | ||||
| } | } | ||||
| } else if (!ours) { | } else if (!ours) { | ||||
| ip6_forward(m, srcrt); | ip6_forward(m, srcrt); | ||||
| return; | return; | ||||
| } | } | ||||
| ip6 = mtod(m, struct ip6_hdr *); | |||||
| /* | |||||
| * Malicious party may be able to use IPv4 mapped addr to confuse | |||||
| * tcp/udp stack and bypass security checks (act as if it was from | |||||
| * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. | |||||
| * | |||||
| * For SIIT end node behavior, you may want to disable the check. | |||||
| * However, you will become vulnerable to attacks using IPv4 mapped | |||||
| * source. | |||||
| */ | |||||
| if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || | |||||
| IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { | |||||
| IP6STAT_INC(ip6s_badscope); | |||||
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); | |||||
| goto bad; | |||||
| } | |||||
| /* | /* | ||||
| * Tell launch routine the next header | * Tell launch routine the next header | ||||
| */ | */ | ||||
| IP6STAT_INC(ip6s_delivered); | IP6STAT_INC(ip6s_delivered); | ||||
| in6_ifstat_inc(rcvif, ifs6_in_deliver); | in6_ifstat_inc(rcvif, ifs6_in_deliver); | ||||
| nest = 0; | nest = 0; | ||||
| while (nxt != IPPROTO_DONE) { | while (nxt != IPPROTO_DONE) { | ||||
| ▲ Show 20 Lines • Show All 830 Lines • Show Last 20 Lines | |||||