Disable IPv4 over IPv4 tunnel on the 6to4 interface for better security.
Approved by: jkh
parent
94b65aeee9
commit
820b57927e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=57920
|
@ -154,7 +154,11 @@ in_gif_output(ifp, family, m, rt)
|
|||
iphdr.ip_src = sin_src->sin_addr;
|
||||
#ifdef INET6
|
||||
/* XXX: temporal stf support hack */
|
||||
if (bcmp(ifp->if_name, "stf", 3) == 0 && ip6 != NULL) {
|
||||
if (bcmp(ifp->if_name, "stf", 3) == 0) {
|
||||
if (ip6 == NULL) {
|
||||
m_freem(m);
|
||||
return ENETUNREACH;
|
||||
}
|
||||
if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst))
|
||||
iphdr.ip_dst = *GET_V4(&ip6->ip6_dst);
|
||||
else if (rt && rt->rt_gateway->sa_family == AF_INET6) {
|
||||
|
@ -309,6 +313,13 @@ in_gif_input(struct mbuf *m, int off, int proto)
|
|||
case IPPROTO_IPV4:
|
||||
{
|
||||
struct ip *ip;
|
||||
|
||||
#ifdef INET6
|
||||
if (bcmp(gifp->if_name, "stf", 3) == 0) {
|
||||
m_freem(m);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
af = AF_INET;
|
||||
if (m->m_len < sizeof(*ip)) {
|
||||
m = m_pullup(m, sizeof(*ip));
|
||||
|
|
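Review bot: The new checks in both hunks decide whether to drop traffic by comparing only the first three bytes of the interface name (`bcmp(ifp->if_name, "stf", 3) == 0` in in_gif_output, and the same test on `gifp` in in_gif_input), so any interface whose name merely begins with "stf" is treated as 6to4. If if_name is a NUL-terminated driver name, as it appears to be, comparing the whole string is tighter: `if (strcmp(gifp->if_name, "stf") == 0) {`. The drop added under `case IPPROTO_IPV4:` is also silent and uncommented. A line such as `/* stf carries IPv6 only: refuse IPv4-in-IPv4 so it cannot act as a generic tunnel */` would record the reason, and counting the drop in whatever statistics this file already keeps would make rejected packets visible to an operator. Both functions begin and end outside the visible hunks, so how `ip6` and `gifp` are set is not shown here.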