CVS commit: src/sys

["Maxime Villard" <maxv%netbsd.org@localhost>]

Module Name:    src
Committed By:   maxv
Date:           Thu Feb  8 19:58:05 UTC 2018

Modified Files:
        src/sys/netinet: tcp_input.c
        src/sys/netinet6: raw_ip6.c udp6_usrreq.c

Log Message:
Remove the IN6_IS_ADDR_V4MAPPED checks in the protocol functions. They
are useless, because the IPv6 entry point (ip6_input) already performs
them.

The checks were first added in the protocol functions:

        Wed Dec 22 04:03:02 1999 UTC (18 years, 1 month ago) by itojun

"drop IPv6 packets with v4 mapped address on src/dst.  they are illegal
and may be used to fool IPv6 implementations (by using ::ffff:127.0.0.1 as
source you may be able to pretend the packet is from local node)"

Shortly afterwards they were also added in the IPv6 entry point, but
where not removed from the protocol functions:

        Mon Jan 31 10:33:22 2000 UTC (18 years ago) by itojun

"be proactive about malicious packet on the wire.  we fear that v4 mapped
address to be used as a tool to hose security filters (like bypassing
"local host only" filter by using ::ffff:127.0.0.1)."

OpenBSD did the same a few months ago. FreeBSD has never had these checks.


To generate a diff of this commit:
cvs rdiff -u -r1.368 -r1.369 src/sys/netinet/tcp_input.c
cvs rdiff -u -r1.161 -r1.162 src/sys/netinet6/raw_ip6.c
cvs rdiff -u -r1.133 -r1.134 src/sys/netinet6/udp6_usrreq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.