Disable IPv4 over IPv4 tunnel on the 6to4 interface for better security.

Approved by: jkh
Yoshinobu Inoue 2000-03-11 22:11:57 +00:00
parent 94b65aeee9
commit 820b57927e
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=57920


@ -154,7 +154,11 @@ in_gif_output(ifp, family, m, rt)
iphdr.ip_src = sin_src->sin_addr;
#ifdef INET6
/* XXX: temporal stf support hack */
if (bcmp(ifp->if_name, "stf", 3) == 0 && ip6 != NULL) {
if (bcmp(ifp->if_name, "stf", 3) == 0) {
if (ip6 == NULL) {
m_freem(m);
return ENETUNREACH;
}
if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst))
iphdr.ip_dst = *GET_V4(&ip6->ip6_dst);
else if (rt && rt->rt_gateway->sa_family == AF_INET6) {
@ -309,6 +313,13 @@ in_gif_input(struct mbuf *m, int off, int proto)
case IPPROTO_IPV4:
{
struct ip *ip;
#ifdef INET6
if (bcmp(gifp->if_name, "stf", 3) == 0) {
m_freem(m);
return;
}
#endif
af = AF_INET;
if (m->m_len < sizeof(*ip)) {
m = m_pullup(m, sizeof(*ip));
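Review bot: The new drop in the `IPPROTO_IPV4` case of `in_gif_input` frees the mbuf and returns with no comment and no visible accounting, so a reader cannot tell why IPv4-in-IPv4 is refused on stf, and an operator may have no trace of the discarded packets (any counters would be outside this hunk). I would add a why-comment above the check, e.g. `/* stf (6to4) carries IPv6 only: refuse IPv4-in-IPv4 so the tunnel cannot carry IPv4 traffic */`, and consider bumping whatever drop statistic this file already uses. Both this check and the one in `in_gif_output` identify the interface with `bcmp(..., "stf", 3)`, a three-byte prefix match on the name that would also match any other name starting with "stf". Since the security policy now depends on that test, a single shared helper or macro would keep the input and output sides from drifting apart. Both function bodies start and end outside the hunks shown.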