diff options
| author |   florian <florian@openbsd.org> | 2014-08-27 14:04:15 +0000 |
|---|---|---|
| committer | florian <florian@openbsd.org> | 2014-08-27 14:04:15 +0000 |
| commit | fb92997af583062f7ef32e82ec027bbca496201e (patch) | |
| tree | 2ff117e08bfb0432c0ee276895bfe5da037936d8 /sys | |
| parent | Add httpd default log files to the rotation. (diff) | |
| download | wireguard-openbsd-fb92997af583062f7ef32e82ec027bbca496201e.tar.xz wireguard-openbsd-fb92997af583062f7ef32e82ec027bbca496201e.zip | |
Nuke net.inet6.icmp6.rediraccept and allow redirects on interfaces
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/icmp6.h | 7 | ||||
| -rw-r--r-- | sys/netinet6/icmp6.c | 4 | ||||
| -rw-r--r-- | sys/netinet6/in6_proto.c | 3 |
3 files changed, 6 insertions, 8 deletions
diff --git a/sys/netinet/icmp6.h b/sys/netinet/icmp6.h index 68c82666ad9..f67e2480c62 100644 --- a/sys/netinet/icmp6.h +++ b/sys/netinet/icmp6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.h,v 1.40 2014/07/11 12:20:26 benno Exp $ */ +/* $OpenBSD: icmp6.h,v 1.41 2014/08/27 14:04:15 florian Exp $ */ /* $KAME: icmp6.h,v 1.84 2003/04/23 10:26:51 itojun Exp $ */ /* @@ -542,7 +542,7 @@ struct icmp6stat { #define ICMPV6CTL_NAMES { \ { 0, 0 }, \ { 0, 0 }, \ - { "rediraccept", CTLTYPE_INT }, \ + { 0, 0 }, \ { "redirtimeout", CTLTYPE_INT }, \ { 0, 0 }, \ { 0, 0 }, \ @@ -566,7 +566,7 @@ struct icmp6stat { #define ICMPV6CTL_VARS { \ NULL, \ NULL, \ - &icmp6_rediraccept, \ + NULL, \ &icmp6_redirtimeout, \ NULL, \ NULL, \ @@ -668,7 +668,6 @@ do { \ } \ } while (0) -extern int icmp6_rediraccept; /* accept/process redirects */ extern int icmp6_redirtimeout; /* cache time for redirect routes */ #endif /* _KERNEL */ diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 07b9a7beec7..c43857759d6 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.147 2014/07/22 11:06:10 mpi Exp $ */ +/* $OpenBSD: icmp6.c,v 1.148 2014/08/27 14:04:16 florian Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -1386,7 +1386,7 @@ icmp6_redirect_input(struct mbuf *m, int off) /* XXX if we are router, we don't update route by icmp6 redirect */ if (ip6_forwarding) goto freeit; - if (!icmp6_rediraccept) + if (!(ifp->if_xflags & IFXF_AUTOCONF6)) goto freeit; IP6_EXTHDR_GET(nd_rd, struct nd_redirect *, m, off, icmp6len); diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 04e0a530b54..bb0387fa0e4 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_proto.c,v 1.74 2014/08/19 12:28:03 mpi Exp $ */ +/* $OpenBSD: in6_proto.c,v 1.75 2014/08/27 14:04:16 florian Exp $ */ /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ /* @@ -303,7 +303,6 @@ u_long rip6_sendspace = RIPV6SNDQ; u_long rip6_recvspace = RIPV6RCVQ; /* ICMPV6 parameters */ -int icmp6_rediraccept = 0; /* don't process redirects by default */ int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ int icmp6errppslim = 100; /* 100pps */ int ip6_mtudisc_timeout = IPMTUDISCTIMEOUT; |