Skip to content
Browse files

clarified goto-ours logic:

1. separated checks against spoofed ::1 src/dst from the goto-ours check.
   this also fixed a bug that the kernel accepted a packet with
   src=::1, dst=invalid, rcvif=lo0
   (you can test it by 'ping6 -S ::1 fe80::xxxx%lo0", where xxxx is not an
    interface ID of lo0)
2. (experimentally) omitted a specical case for link-local destinations at a
   loopback interface.  I believe this is correct, because
   - we now have a host route for fe80::1%lo0, so we can accept a packet to
     the address using the generic logic.
   - we can reject packets to fe80::xxxx%lo0 (xxxx != 1) by the check for
     the RTF_GATEWAY bit for rt_flags (ip6_input.c line 872).
   *** NOTE to developers:***
   this is the case for bsdi4, but please check it on other platforms.
   after the confirmation, I'll completely remove the part (currently, it's
   just escaped by '#ifdef 0')
  • Loading branch information...
1 parent 2605646 commit bc5c5ad112f7f2a7002308168013200dd50e3d24 jinmei committed Apr 1, 2001
Showing with 22 additions and 23 deletions.
  1. +22 −23 kame/sys/netinet6/ip6_input.c
View
45 kame/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
+/* $KAME: ip6_input.c,v 1.189 2001/04/01 09:08:57 jinmei Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -631,25 +631,35 @@ ip6_input(m)
#endif
/*
- * Scope check
+ * Check against address spoofing/corruption.
*/
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
+ /*
+ * XXX: "badscope" is not very suitable for a multicast source.
+ */
+ ip6stat.ip6s_badscope++;
+ in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
+ goto bad;
+ }
+ if ((IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src) ||
+ IN6_IS_ADDR_LOOPBACK(&ip6->ip6_dst)) &&
+ (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
ip6stat.ip6s_badscope++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
goto bad;
}
/*
- * The following check is not documented in the spec. Malicious party
- * may be able to use IPv4 mapped addr to confuse tcp/udp stack and
- * bypass security checks (act as if it was from 127.0.0.1 by using
+ * The following check is not documented in specs. A malicious
+ * party may be able to use IPv4 mapped addr to confuse tcp/udp stack
+ * and bypass security checks (act as if it was from 127.0.0.1 by using
* IPv6 src ::ffff:127.0.0.1). Be cautious.
*
- * This check chokes if we are in SIIT cloud. As none of BSDs support
- * IPv4-less kernel compilation, we cannot support SIIT environment
- * at all. So, it makes more sense for us to reject any malicious
- * packets for non-SIIT environment, than try to do a partical support
- * for SIIT environment.
+ * This check chokes if we are in an SIIT cloud. As none of BSDs
+ * support IPv4-less kernel compilation, we cannot support SIIT
+ * environment at all. So, it makes more sense for us to reject any
+ * malicious packets for non-SIIT environment, than try to do a
+ * partical support for SIIT environment.
*/
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
@@ -673,19 +683,6 @@ ip6_input(m)
}
#endif
- if (IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src) ||
- IN6_IS_ADDR_LOOPBACK(&ip6->ip6_dst)) {
- if (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) {
- ours = 1;
- deliverifp = m->m_pkthdr.rcvif;
- goto hbhcheck;
- } else {
- ip6stat.ip6s_badscope++;
- in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
- goto bad;
- }
- }
-
/* drop packets if interface ID portion is already filled */
if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) &&
@@ -707,6 +704,7 @@ ip6_input(m)
ip6->ip6_dst.s6_addr16[1]
= htons(m->m_pkthdr.rcvif->if_index);
+#if 0 /* this case seems to be unnecessary. (jinmei, 20010401) */
/*
* We use rt->rt_ifp to determine if the address is ours or not.
* If rt_ifp is lo0, the address is ours.
@@ -729,6 +727,7 @@ ip6_input(m)
deliverifp = m->m_pkthdr.rcvif;
goto hbhcheck;
}
+#endif
/*
* Multicast check

0 comments on commit bc5c5ad

Please sign in to comment.
Something went wrong with that request. Please try again.