Hi, Checking for IPv6 mapped IPv4 addresses is the task of ip6_input(). Doing it again in the protocol input functions gains nothing.
ok to remove the double check? bluhm
Index: netinet/tcp_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.343
diff -u -p -r1.343 tcp_input.c
--- netinet/tcp_input.c 4 May 2017 17:58:46 -0000 1.343
+++ netinet/tcp_input.c 5 May 2017 15:16:37 -0000
@@ -424,13 +424,6 @@ tcp_input(struct mbuf **mp, int *offp, i
 iptos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
 #endif
- /* Be proactive about malicious use of IPv4 mapped address */
- if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
- IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
- /* XXX stat */
- goto drop;
- }
-
 /*
 * Be proactive about unspecified IPv6 address in source.
 * As we use all-zero to indicate unbounded/unconnected pcb,
Index: netinet/udp_usrreq.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.236
diff -u -p -r1.236 udp_usrreq.c
--- netinet/udp_usrreq.c 4 May 2017 17:58:46 -0000 1.236
+++ netinet/udp_usrreq.c 5 May 2017 15:19:59 -0000
@@ -225,12 +225,6 @@ udp_input(struct mbuf **mp, int *offp, i
 goto bad;
 }
 ip6 = mtod(m, struct ip6_hdr *);
- /* Be proactive about malicious use of IPv4 mapped address */
- if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
- IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
- /* XXX stat */
- goto bad;
- }
 break;
 #endif /* INET6 */
 default:
Index: netinet6/raw_ip6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.111
diff -u -p -r1.111 raw_ip6.c
--- netinet6/raw_ip6.c 19 Apr 2017 15:44:45 -0000 1.111
+++ netinet6/raw_ip6.c 5 May 2017 15:24:10 -0000
@@ -130,14 +130,6 @@ rip6_input(struct mbuf **mp, int *offp,
 if (proto != IPPROTO_ICMPV6)
 rip6stat_inc(rip6s_ipackets);
- /* Be proactive about malicious use of IPv4 mapped address */
- if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
- IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
- /* XXX stat */
- m_freem(m);
- return IPPROTO_DONE;
- }
-
 bzero(&rip6src, sizeof(rip6src));
 rip6src.sin6_len = sizeof(struct sockaddr_in6);
 rip6src.sin6_family = AF_INET6;
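Review bot: After this deletion nothing in rip6_input() records that IPv4-mapped source and destination addresses are assumed to be rejected earlier, and the same applies to the tcp_input() and udp_input() hunks above. The description puts that check in ip6_input(), which is not part of this diff, so these functions stay protected only while every path that hands them an IPv6 packet runs ip6_input() first; that is worth confirming for any caller that re-injects or decapsulates packets. I would leave a one-line comment where the check stood, for example `/* IPv4-mapped src/dst are dropped in ip6_input() */`, so a later change to ip6_input() does not silently remove the only filter. All three function bodies start and end outside their hunks.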