d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Pullup even when the extention header is unknown, to prevent

Browse Source 
infinite loop with net.inet6.ip6.fw.deny_unknown_exthdrs=0.
- Teach ipv6 and ipencap as they appear in an IPv4/IPv6 over IPv6
  tunnel.
- Test the next extention header even when the routing header type
  is unknown with net.inet6.ip6.fw.deny_unknown_exthdrs=0.

Found by:	xcast-fan-club
MFC after:	1 week
This commit is contained in:
ume 2006-06-22 13:22:54 +00:00
parent bfe074b2a8
commit bddec6f4bb
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/netinet/ip_fw2.c
View File

@ -2189,7 +2189,10 @@ do { \
case IPPROTO_ROUTING: /* RFC 2460 */
PULLUP_TO(hlen, ulp, struct ip6_rthdr);
if (((struct ip6_rthdr *)ulp)->ip6r_type != 0) {
switch (((struct ip6_rthdr *)ulp)->ip6r_type) {
case 0:
break;
default:
printf("IPFW2: IPV6 - Unknown Routing "
"Header type(%d)\n",
((struct ip6_rthdr *)ulp)->ip6r_type);
@ -2260,11 +2263,20 @@ do { \
PULLUP_TO(hlen, ulp, struct ip6_ext);
break;
case IPPROTO_IPV6: /* RFC 2893 */
PULLUP_TO(hlen, ulp, struct ip6_hdr);
break;
case IPPROTO_IPV4: /* RFC 2893 */
PULLUP_TO(hlen, ulp, struct ip);
break;
default:
printf("IPFW2: IPV6 - Unknown Extension "
"Header(%d), ext_hd=%x\n", proto, ext_hd);
if (fw_deny_unknown_exthdrs)
return (IP_FW_DENY);
PULLUP_TO(hlen, ulp, struct ip6_ext);
break;
} /*switch */
}