Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netinet better sync w/kame on deprecated address handlin...
details: https://anonhg.NetBSD.org/src/rev/6ace454c9b3c
branches: trunk
changeset: 535441:6ace454c9b3c
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Aug 19 02:17:54 2002 +0000
description:
better sync w/kame on deprecated address handling. check af == AF_INET6.
diffstat:
sys/netinet/tcp_input.c | 95 +++++++++++++++++++++++++-----------------------
1 files changed, 49 insertions(+), 46 deletions(-)
diffs (123 lines):
diff -r a4c4c1582d33 -r 6ace454c9b3c sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c Mon Aug 19 02:13:46 2002 +0000
+++ b/sys/netinet/tcp_input.c Mon Aug 19 02:17:54 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_input.c,v 1.151 2002/08/19 02:13:46 itojun Exp $ */
+/* $NetBSD: tcp_input.c,v 1.152 2002/08/19 02:17:54 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -152,7 +152,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.151 2002/08/19 02:13:46 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.152 2002/08/19 02:17:54 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -1357,6 +1357,53 @@
* Received a SYN.
*/
+#ifdef INET6
+ /*
+ * If deprecated address is forbidden, we do
+ * not accept SYN to deprecated interface
+ * address to prevent any new inbound
+ * connection from getting established.
+ * When we do not accept SYN, we send a TCP
+ * RST, with deprecated source address (instead
+ * of dropping it). We compromise it as it is
+ * much better for peer to send a RST, and
+ * RST will be the final packet for the
+ * exchange.
+ *
+ * If we do not forbid deprecated addresses, we
+ * accept the SYN packet. RFC2462 does not
+ * suggest dropping SYN in this case.
+ * If we decipher RFC2462 5.5.4, it says like
+ * this:
+ * 1. use of deprecated addr with existing
+ * communication is okay - "SHOULD continue
+ * to be used"
+ * 2. use of it with new communication:
+ * (2a) "SHOULD NOT be used if alternate
+ * address with sufficient scope is
+ * available"
+ * (2b) nothing mentioned otherwise.
+ * Here we fall into (2b) case as we have no
+ * choice in our source address selection - we
+ * must obey the peer.
+ *
+ * The wording in RFC2462 is confusing, and
+ * there are multiple description text for
+ * deprecated address handling - worse, they
+ * are not exactly the same. I believe 5.5.4
+ * is the best one, so we follow 5.5.4.
+ */
+ if (af == AF_INET6 && !ip6_use_deprecated) {
+ struct in6_ifaddr *ia6;
+ if ((ia6 = in6ifa_ifpwithaddr(m->m_pkthdr.rcvif,
+ &ip6->ip6_dst)) &&
+ (ia6->ia6_flags & IN6_IFF_DEPRECATED)) {
+ tp = NULL;
+ goto dropwithreset;
+ }
+ }
+#endif
+
/*
* LISTEN socket received a SYN
* from itself? This can't possibly
@@ -1386,50 +1433,6 @@
}
/*
- * If deprecated address is forbidden, we do
- * not accept SYN to deprecated interface
- * address to prevent any new inbound
- * connection from getting established.
- * When we do not accept SYN, we send a TCP RST,
- * with deprecated source address (instead
- * of dropping it). We compromise it as it is
- * much better for peer to send a RST, and RST
- * will be the final packet for the exchange.
- *
- * If we do not forbid deprecated addresses,
- * we accept the SYN packet. RFC2462 does not
- * suggest dropping SYN in this case. If we
- * decipher RFC2462 5.5.4, it says like this:
- * 1. use of deprecated addr with existing
- * communication is okay - "SHOULD continue
- * to be used"
- * 2. use of it with new communication:
- * (2a) "SHOULD NOT be used if alternate
- * address with sufficient scope is
- * available"
- * (2b) nothing mentioned otherwise.
- * Here we fall into (2b) case as we have no
- * choice in our source address selection -
- * we must obey the peer.
- *
- * The wording in RFC2462 is confusing, and
- * there are multiple description text for
- * deprecated address handling - worse, they
- * are not exactly the same. I believe
- * 5.5.4 is the best one, so we follow 5.5.4.
- */
- if (!ip6_use_deprecated) {
- struct in6_ifaddr *ia6;
-
- if ((ia6 = in6ifa_ifpwithaddr(m->m_pkthdr.rcvif,
- &ip6->ip6_dst)) &&
- (ia6->ia6_flags & IN6_IFF_DEPRECATED)) {
- tp = NULL;
- goto dropwithreset;
- }
- }
-
- /*
* SYN looks ok; create compressed TCP
* state for it.
*/
Home |
Main Index |
Thread Index |
Old Index