xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

6in4: ingress filter multicast and link-local, but allow relay traffic

Browse source
This commit is contained in:
cinap_lenrek 2016-03-31 23:53:10 +02:00
parent 137533bd69
commit e93f7885da
1 changed files with 4 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
sys/src/cmd/ip/6in4.c
View file

@ -381,7 +381,6 @@ tunnel2ip(int in, int out)
{
int n, m;
char buf[64*1024];
uchar a[IPaddrlen];
Ip6hdr *op;
Iphdr *ip;
@ -419,14 +418,10 @@ tunnel2ip(int in, int out)
op = (Ip6hdr*)(buf + IPaddrlen + STFHDR);
n -= STFHDR;
/*
* don't relay: just accept packets for local host/subnet
* (this blocks link-local and multicast addresses as well)
*/
maskip(op->dst, localmask, a);
if (!equivip6(a, localnet)) {
syslog(0, "6in4", "ingress filtered %I -> %I; "
"dst not on local net", op->src, op->dst);
/* filter multicast and link-local, but allow relay traffic */
if (badipv6(op->src) || badipv6(op->dst)) {
syslog(0, "6in4", "ingress filtered %I -> %I; bad src/dst",
op->src, op->dst);
continue;
}
if (debug > 1)