diff options
| author |   florian <florian@openbsd.org> | 2020-08-08 07:42:31 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2020-08-08 07:42:31 +0000 |
| commit | 22eb2a695c232c8d17f1831b4cafaa7014c63bd0 (patch) | |
| tree | 8825a444acc4565488dcb10a8e07665810884b7a | |
| parent | Somewhere during working on UTF-8 support I thought it was a good idea to (diff) | |
| download | wireguard-openbsd-22eb2a695c232c8d17f1831b4cafaa7014c63bd0.tar.xz wireguard-openbsd-22eb2a695c232c8d17f1831b4cafaa7014c63bd0.zip | |
No longer prevent TCP connections to IPv6 anycast addresses.
RFC 4291 dropped this requirement from RFC 3513:
o An anycast address must not be used as the source address of an
IPv6 packet.
And from that requirement draft-itojun-ipv6-tcp-to-anycast rightly
concluded that TCP connections must be prevented.
The draft also states:
The proposed method MUST be removed when one of the following events
happens in the future:
o Restriction imposed on IPv6 anycast address is loosened, so that
anycast address can be placed into source address field of the IPv6
header[...]
OK jca
| -rw-r--r-- | share/man/man9/mbuf.9 | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_input.c | 16 | ||||
| -rw-r--r-- | sys/netinet6/ip6_input.c | 4 |
3 files changed, 4 insertions, 22 deletions
diff --git a/share/man/man9/mbuf.9 b/share/man/man9/mbuf.9 index 6f798945437..3d623003872 100644 --- a/share/man/man9/mbuf.9 +++ b/share/man/man9/mbuf.9 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mbuf.9,v 1.118 2018/12/07 08:37:24 claudio Exp $ +.\" $OpenBSD: mbuf.9,v 1.119 2020/08/08 07:42:31 florian Exp $ .\" .\" Copyright (c) 2001 Jean-Jacques Bernard-Gundol <jjbg@openbsd.org> .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 7 2018 $ +.Dd $Mdocdate: August 8 2020 $ .Dt MGET 9 .Os .Sh NAME @@ -306,8 +306,6 @@ protocol-specific. variable is valid. .It Dv M_LOOP packet has been sent from local machine. -.It Dv M_ACAST -received as IPv6 anycast. .It Dv M_BCAST packet sent/received as link-level broadcast. .It Dv M_MCAST diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1b511d14a4b..394362dc005 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.349 2020/08/01 23:41:55 gnezdo Exp $ */ +/* $OpenBSD: ip_input.c,v 1.350 2020/08/08 07:42:31 florian Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -619,20 +619,6 @@ ip_deliver(struct mbuf **mp, int *offp, int nxt, int af) goto bad; } -#ifdef INET6 - /* draft-itojun-ipv6-tcp-to-anycast */ - if (af == AF_INET6 && - ISSET((*mp)->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) { - if ((*mp)->m_len >= sizeof(struct ip6_hdr)) { - icmp6_error(*mp, ICMP6_DST_UNREACH, - ICMP6_DST_UNREACH_ADDR, - offsetof(struct ip6_hdr, ip6_dst)); - *mp = NULL; - } - goto bad; - } -#endif /* INET6 */ - #ifdef IPSEC if (ipsec_in_use) { if (ipsec_local_check(*mp, *offp, nxt, af) != 0) { diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 64489f53b48..146ff6a52b7 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.227 2020/08/01 23:41:56 gnezdo Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.228 2020/08/08 07:42:31 florian Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -424,8 +424,6 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) */ if (rtisvalid(rt) && ISSET(rt->rt_flags, RTF_LOCAL)) { struct in6_ifaddr *ia6 = ifatoia6(rt->rt_ifa); - if (ia6->ia6_flags & IN6_IFF_ANYCAST) - m->m_flags |= M_ACAST; if (ip6_forwarding == 0 && rt->rt_ifidx != ifp->if_index && !((ifp->if_flags & IFF_LOOPBACK) || |