Module Name:    src
Committed By:   maxv
Date:           Mon Apr 23 07:22:54 UTC 2018

Modified Files:
        src/sys/netinet6: ip6_output.c
        src/sys/netipsec: xform_ah.c

Log Message:
Remove the kernel RH0 code. RH0 is deprecated by RFC5095, for security
reasons. RH0 was already removed in the kernel's input path, but some
parts were still present in the output path: they are now removed.

Sent on tech-net@ a few days ago.


To generate a diff of this commit:
cvs rdiff -u -r1.204 -r1.205 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.92 -r1.93 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.204 src/sys/netinet6/ip6_output.c:1.205
--- src/sys/netinet6/ip6_output.c:1.204	Wed Apr 18 07:17:49 2018
+++ src/sys/netinet6/ip6_output.c	Mon Apr 23 07:22:54 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.205 2018/04/23 07:22:54 maxv Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.205 2018/04/23 07:22:54 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -143,34 +143,11 @@ static int ip6_pcbopts(struct ip6_pktopt
 static int
 ip6_handle_rthdr(struct ip6_rthdr *rh, struct ip6_hdr *ip6)
 {
-	struct ip6_rthdr0 *rh0;
-	struct in6_addr *addr;
-	struct sockaddr_in6 sa;
 	int error = 0;
 
 	switch (rh->ip6r_type) {
 	case IPV6_RTHDR_TYPE_0:
-		rh0 = (struct ip6_rthdr0 *)rh;
-		addr = (struct in6_addr *)(rh0 + 1);
-
-		/*
-		 * construct a sockaddr_in6 form of the first hop.
-		 *
-		 * XXX we may not have enough information about its scope zone;
-		 * there is no standard API to pass the information from the
-		 * application.
-		 */
-		sockaddr_in6_init(&sa, addr, 0, 0, 0);
-		error = sa6_embedscope(&sa, ip6_use_defzone);
-		if (error != 0)
-			break;
-		memmove(&addr[0], &addr[1],
-		    sizeof(struct in6_addr) * (rh0->ip6r0_segleft - 1));
-		addr[rh0->ip6r0_segleft - 1] = ip6->ip6_dst;
-		ip6->ip6_dst = sa.sin6_addr;
-		/* XXX */
-		in6_clearscope(addr + rh0->ip6r0_segleft - 1);
-		break;
+		/* Dropped, RFC5095. */
 	default:	/* is it possible? */
 		error = EINVAL;
 	}
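Review bot: In ip6_handle_rthdr the `case IPV6_RTHDR_TYPE_0:` label now runs straight into `default:` with only `/* Dropped, RFC5095. */` between them, so a reader cannot tell that rejecting RH0 through the default arm is deliberate; the ip6_setpktopt hunk has the same pattern. I would make the intent explicit in both places with `/* RH0 is rejected (RFC 5095): fall into default. */` followed by `/* FALLTHROUGH */`, or drop the case label and let `default:` cover it. With the type 0 arm gone, every visible path sets `error = EINVAL`, which appears to leave `int error = 0;` and the `ip6` parameter without a purpose and makes the `/* is it possible? */` remark stale; the function's tail is outside the hunk, so confirm before simplifying. Keeping the rejection both in ip6_setpktopt, where the caller-supplied option buffer is checked, and here in the output path is reasonable defence in depth and worth saying in a comment so the second check is not later removed as redundant.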
@@ -3205,13 +3182,7 @@ ip6_setpktopt(int optname, u_char *buf, 
 			return (EINVAL);
 		switch (rth->ip6r_type) {
 		case IPV6_RTHDR_TYPE_0:
-			if (rth->ip6r_len == 0)	/* must contain one addr */
-				return (EINVAL);
-			if (rth->ip6r_len % 2) /* length must be even */
-				return (EINVAL);
-			if (rth->ip6r_len / 2 != rth->ip6r_segleft)
-				return (EINVAL);
-			break;
+			/* Dropped, RFC5095. */
 		default:
 			return (EINVAL);	/* not supported */
 		}

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.92 src/sys/netipsec/xform_ah.c:1.93
--- src/sys/netipsec/xform_ah.c:1.92	Thu Apr 19 08:27:39 2018
+++ src/sys/netipsec/xform_ah.c	Mon Apr 23 07:22:54 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.92 2018/04/19 08:27:39 maxv Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.93 2018/04/23 07:22:54 maxv Exp $	*/
 /*	$FreeBSD: xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.92 2018/04/19 08:27:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.93 2018/04/23 07:22:54 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -273,7 +273,6 @@ ah_massage_headers(struct mbuf **m0, int
 #ifdef INET6
 	struct ip6_ext *ip6e;
 	struct ip6_hdr ip6;
-	struct ip6_rthdr *rh;
 	int alloc, nxt;
 #endif
 
@@ -475,42 +474,7 @@ ah_massage_headers(struct mbuf **m0, int
 				break;
 
 			case IPPROTO_ROUTING:
-				/*
-				 * Always include routing headers in
-				 * computation.
-				 */
 				ip6e = (struct ip6_ext *)(ptr + off);
-				rh = (struct ip6_rthdr *)(ptr + off);
-				/*
-				 * must adjust content to make it look like
-				 * its final form (as seen at the final
-				 * destination).
-				 * we only know how to massage type 0 routing
-				 * header.
-				 */
-				if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
-					struct ip6_rthdr0 *rh0;
-					struct in6_addr *addr, finaldst;
-					int i;
-
-					rh0 = (struct ip6_rthdr0 *)rh;
-					addr = (struct in6_addr *)(rh0 + 1);
-
-					for (i = 0; i < rh0->ip6r0_segleft; i++)
-						in6_clearscope(&addr[i]);
-
-					finaldst = addr[rh0->ip6r0_segleft - 1];
-					memmove(&addr[1], &addr[0],
-						sizeof(struct in6_addr) *
-						(rh0->ip6r0_segleft - 1));
-
-					m_copydata(m, 0, sizeof(ip6), &ip6);
-					addr[0] = ip6.ip6_dst;
-					ip6.ip6_dst = finaldst;
-					m_copyback(m, 0, sizeof(ip6), &ip6);
-
-					rh0->ip6r0_segleft = 0;
-				}
 
 				/* advance */
 				off += ((ip6e->ip6e_len + 1) << 3);
