diff options
author | florian <florian@openbsd.org> | 2020-08-08 07:42:31 +0000 |
---|---|---|
committer | florian <florian@openbsd.org> | 2020-08-08 07:42:31 +0000 |
commit | 22eb2a695c232c8d17f1831b4cafaa7014c63bd0 (patch) | |
tree | 8825a444acc4565488dcb10a8e07665810884b7a /sys/netinet | |
parent | Somewhere during working on UTF-8 support I thought it was a good idea to (diff) | |
download | wireguard-openbsd-22eb2a695c232c8d17f1831b4cafaa7014c63bd0.tar.xz wireguard-openbsd-22eb2a695c232c8d17f1831b4cafaa7014c63bd0.zip |
No longer prevent TCP connections to IPv6 anycast addresses.
RFC 4291 dropped this requirement from RFC 3513:
o An anycast address must not be used as the source address of an
IPv6 packet.
And from that requirement draft-itojun-ipv6-tcp-to-anycast rightly
concluded that TCP connections must be prevented.
The draft also states:
The proposed method MUST be removed when one of the following events
happens in the future:
o Restriction imposed on IPv6 anycast address is loosened, so that
anycast address can be placed into source address field of the IPv6
header[...]
OK jca
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 16 |
1 files changed, 1 insertions, 15 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1b511d14a4b..394362dc005 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.349 2020/08/01 23:41:55 gnezdo Exp $ */ +/* $OpenBSD: ip_input.c,v 1.350 2020/08/08 07:42:31 florian Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -619,20 +619,6 @@ ip_deliver(struct mbuf **mp, int *offp, int nxt, int af) goto bad; } -#ifdef INET6 - /* draft-itojun-ipv6-tcp-to-anycast */ - if (af == AF_INET6 && - ISSET((*mp)->m_flags, M_ACAST) && (nxt == IPPROTO_TCP)) { - if ((*mp)->m_len >= sizeof(struct ip6_hdr)) { - icmp6_error(*mp, ICMP6_DST_UNREACH, - ICMP6_DST_UNREACH_ADDR, - offsetof(struct ip6_hdr, ip6_dst)); - *mp = NULL; - } - goto bad; - } -#endif /* INET6 */ - #ifdef IPSEC if (ipsec_in_use) { if (ipsec_local_check(*mp, *offp, nxt, af) != 0) { |