CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2013/11/15 09:15:42
Modified files:
sys/net : pf.c
sys/netinet6 : ip6_input.c
sys/sys : mbuf.h
Log message:
After discussion with deraadt@ and Fernando Gont, it seems that the
stack should still scan for IPv6 type 0 routing headers. There are
OpenBSD routers running without pf and there are plenty of legacy
implementations supporting RH0.
Bring back the function ip6_check_rh0hdr() that I removed a month
ago. As an improvement to the prevoius solution, only scan the
header chain in ip6_input() if the packet has not been inspected
by pf. Both implementations drop packets with RH0 anywhere in the
extension header chain.
OK mikeb@ henning@
