ref: e93f7885dad16245a4f772d4305cfc00ba5d8a44
parent: 137533bd69847030d716658e1772c6320f9282bb
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Thu Mar 31 19:53:10 EDT 2016
6in4: ingress filter multicast and link-local, but allow relay traffic
--- a/sys/src/cmd/ip/6in4.c
+++ b/sys/src/cmd/ip/6in4.c
@@ -381,7 +381,6 @@
{int n, m;
char buf[64*1024];
- uchar a[IPaddrlen];
Ip6hdr *op;
Iphdr *ip;
@@ -419,14 +418,10 @@
op = (Ip6hdr*)(buf + IPaddrlen + STFHDR);
n -= STFHDR;
- /*
- * don't relay: just accept packets for local host/subnet
- * (this blocks link-local and multicast addresses as well)
- */
- maskip(op->dst, localmask, a);
- if (!equivip6(a, localnet)) {- syslog(0, "6in4", "ingress filtered %I -> %I; "
- "dst not on local net", op->src, op->dst);
+ /* filter multicast and link-local, but allow relay traffic */
+ if (badipv6(op->src) || badipv6(op->dst)) {+ syslog(0, "6in4", "ingress filtered %I -> %I; bad src/dst",
+ op->src, op->dst);
continue;
}
if (debug > 1)
--
⑨