Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netinet pull in deprecated address handling from KAME sy...
details: https://anonhg.NetBSD.org/src/rev/a4c4c1582d33
branches: trunk
changeset: 535440:a4c4c1582d33
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Aug 19 02:13:46 2002 +0000
description:
pull in deprecated address handling from KAME sys/netinet6/tcp6_input.c.
diffstat:
sys/netinet/tcp_input.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 46 insertions(+), 2 deletions(-)
diffs (69 lines):
diff -r 9b43126e6ded -r a4c4c1582d33 sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c Mon Aug 19 01:54:58 2002 +0000
+++ b/sys/netinet/tcp_input.c Mon Aug 19 02:13:46 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_input.c,v 1.150 2002/08/14 00:23:33 itojun Exp $ */
+/* $NetBSD: tcp_input.c,v 1.151 2002/08/19 02:13:46 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -152,7 +152,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.150 2002/08/14 00:23:33 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.151 2002/08/19 02:13:46 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -1386,6 +1386,50 @@
}
/*
+ * If deprecated address is forbidden, we do
+ * not accept SYN to deprecated interface
+ * address to prevent any new inbound
+ * connection from getting established.
+ * When we do not accept SYN, we send a TCP RST,
+ * with deprecated source address (instead
+ * of dropping it). We compromise it as it is
+ * much better for peer to send a RST, and RST
+ * will be the final packet for the exchange.
+ *
+ * If we do not forbid deprecated addresses,
+ * we accept the SYN packet. RFC2462 does not
+ * suggest dropping SYN in this case. If we
+ * decipher RFC2462 5.5.4, it says like this:
+ * 1. use of deprecated addr with existing
+ * communication is okay - "SHOULD continue
+ * to be used"
+ * 2. use of it with new communication:
+ * (2a) "SHOULD NOT be used if alternate
+ * address with sufficient scope is
+ * available"
+ * (2b) nothing mentioned otherwise.
+ * Here we fall into (2b) case as we have no
+ * choice in our source address selection -
+ * we must obey the peer.
+ *
+ * The wording in RFC2462 is confusing, and
+ * there are multiple description text for
+ * deprecated address handling - worse, they
+ * are not exactly the same. I believe
+ * 5.5.4 is the best one, so we follow 5.5.4.
+ */
+ if (!ip6_use_deprecated) {
+ struct in6_ifaddr *ia6;
+
+ if ((ia6 = in6ifa_ifpwithaddr(m->m_pkthdr.rcvif,
+ &ip6->ip6_dst)) &&
+ (ia6->ia6_flags & IN6_IFF_DEPRECATED)) {
+ tp = NULL;
+ goto dropwithreset;
+ }
+ }
+
+ /*
* SYN looks ok; create compressed TCP
* state for it.
*/
Home |
Main Index |
Thread Index |
Old Index