diff options
| author |   bluhm <bluhm@openbsd.org> | 2013-10-19 21:25:15 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2013-10-19 21:25:15 +0000 |
| commit | 40fe0ce64ccc425bd10a1a6f008379dc5dbdab07 (patch) | |
| tree | 19aba0497db7a79799b09ab64be7aa5d64a72698 /sys/kern/subr_hibernate.c | |
| parent | LP64 non-PMAP_DIRECT archs like sparc64 have a structure larger (diff) | |
| download | wireguard-openbsd-40fe0ce64ccc425bd10a1a6f008379dc5dbdab07.tar.xz wireguard-openbsd-40fe0ce64ccc425bd10a1a6f008379dc5dbdab07.zip | |
Our IPv6 stack was scanning all extension headers for routing header
type 0 and dropped the packet if it found one. RFC 5095 demands
to handle a routing header type 0 like an unrecognised routing type.
This is enough to protect the own machine.
To protect a network as a firewall, we have pf which does the same
full scan in pf_walk_header6(). As pf is enabled by default, nothing
changes for most users. If you turn off pf on your router, you
should not expect extra protection.
Get rid of the double scanning in ip6_input() and and the older
disabled code in route6_input(). No more special treatment of
routing header type 0 in the IPv6 stack.
OK henning@ mikeb@
Diffstat (limited to 'sys/kern/subr_hibernate.c')
0 files changed, 0 insertions, 0 deletions