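--- a/head/sys/netinet6/ip6_input.c
+++ b/head/sys/netinet6/ip6_input.c
 if (ip6_mforward && ip6_mforward(ip6, rcvif, m)) {
 IP6STAT_INC(ip6s_cantforward);
 goto bad;
 }
 } else if (!ours) {
 ip6_forward(m, srcrt);
 return;
 }
-ip6 = mtod(m, struct ip6_hdr *);
-/*
-* Malicious party may be able to use IPv4 mapped addr to confuse
-* tcp/udp stack and bypass security checks (act as if it was from
-* 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious.
-*
-* For SIIT end node behavior, you may want to disable the check.
-* However, you will become vulnerable to attacks using IPv4 mapped
-* source.
-*/
-if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
-IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
-IP6STAT_INC(ip6s_badscope);
-in6_ifstat_inc(rcvif, ifs6_in_addrerr);
-goto bad;
-}
 /*
 * Tell launch routine the next header
 */
 IP6STAT_INC(ip6s_delivered);
 in6_ifstat_inc(rcvif, ifs6_in_deliver);
 nest = 0;
 while (nxt != IPPROTO_DONE) {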
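Review bot: With the v4-mapped test gone, nothing between the `!ours` branch and the `while (nxt != IPPROTO_DONE)` dispatch loop rejects a packet whose `ip6_src` or `ip6_dst` is IPv4-mapped, so delivery to the upper-layer handlers now depends on a check made elsewhere in the function, outside this section. If an earlier check in ip6_input() is what makes this one redundant, it should be confirmed that no step after it can rewrite the header addresses or replace the mbuf; the removed `ip6 = mtod(m, struct ip6_hdr *)` reload suggests `m` may change before this point. A one-line comment above the delivery counters would record the dependency, for example `/* IPv4-mapped src/dst were already rejected earlier in ip6_input(). */`. The enclosing function starts and ends outside the visible lines.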