drop packets with link-local addresses,

if (internally-used) interface ID portion is already filled. sync with kame
author: itojun <itojun@openbsd.org> 2001-03-16 12:20:52 +0000
committer: itojun <itojun@openbsd.org> 2001-03-16 12:20:52 +0000
commit: c5d81f24a7462b0fc6712c01d9c2c062643ed751 (patch)
tree: 8c5251884cc1b3f7e6336407e37be6c278061348
parent: fix memset and whitespace (diff)
download: wireguard-openbsd-c5d81f24a7462b0fc6712c01d9c2c062643ed751.tar.xz
wireguard-openbsd-c5d81f24a7462b0fc6712c01d9c2c062643ed751.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 9132853c49a..643bc290311 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_input.c,v 1.27 2001/02/16 16:38:15 itojun Exp $	*/
+/*	$OpenBSD: ip6_input.c,v 1.28 2001/03/16 12:20:52 itojun Exp $	*/
 /*	$KAME: ip6_input.c,v 1.176 2001/02/14 07:13:39 itojun Exp $	*/
 
 /*
@@ -330,6 +330,20 @@ ip6_input(m)
 		}
 	}
 
+	/* drop packets if interface ID portion is already filled */
+	if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
+		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) &&
+		    ip6->ip6_src.s6_addr16[1]) {
+			ip6stat.ip6s_badscope++;
+			goto bad;
+		}
+		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) &&
+		    ip6->ip6_dst.s6_addr16[1]) {
+			ip6stat.ip6s_badscope++;
+			goto bad;
+		}
+	}
+
 #ifndef FAKE_LOOPBACK_IF
 	if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)
 #else
author	itojun <itojun@openbsd.org>	2001-03-16 12:20:52 +0000
committer	itojun <itojun@openbsd.org>	2001-03-16 12:20:52 +0000
commit	c5d81f24a7462b0fc6712c01d9c2c062643ed751 (patch)
tree	8c5251884cc1b3f7e6336407e37be6c278061348
parent	fix memset and whitespace (diff)
download	wireguard-openbsd-c5d81f24a7462b0fc6712c01d9c2c062643ed751.tar.xz wireguard-openbsd-c5d81f24a7462b0fc6712c01d9c2c062643ed751.zip