| author | Colin Percival <cperciva@FreeBSD.org> | 2007-04-26 23:42:23 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2007-04-26 23:42:23 +0000 |
| commit | f64f1bc808da2132080f9440a01098352c860dfb (patch) | |
| tree | aae30517a28c0c173e92423739727daf98857cb6 | |
| parent | 1872069d5fc7db3bf2335cfb43301ef3d98b0c31 (diff) | |
| -rw-r--r-- | UPDATING | 7 | ||||
| -rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
| -rw-r--r-- | sys/netinet6/in6.h | 3 | ||||
| -rw-r--r-- | sys/netinet6/in6_proto.c | 5 | ||||
| -rw-r--r-- | sys/netinet6/route6.c | 4 |
5 files changed, 18 insertions, 3 deletions
@@ -8,7 +8,12 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade.
-20070209 p11 FreeBSD-SA-07:02.bind
+20070426: p12 FreeBSD-SA-07:03.ipv6
+ Disable processing of IPv6 type 0 Routing Headers. This behaviour
+ can be changed via the (newly added) net.inet6.ip6.rthdr0_allowed
+ sysctl.
+
+20070209: p11 FreeBSD-SA-07:02.bind
 Correct two remote denials of service in BIND involving DNSSEC and recursive DNS queries respectively.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 80c900c5f58d..2c6df5fc2dd6 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
 TYPE="FreeBSD"
 REVISION="5.5"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
 RELEASE="${REVISION}-${BRANCH}"
 VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index deba10fab232..594498026133 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -597,7 +597,8 @@ struct ip6_mtuinfo {
 /* to define items, should talk with KAME guys first, for *BSD compatibility */
 /* 42-44 is already used in KAME */
 #define IPV6CTL_STEALTH 45
-#define IPV6CTL_MAXID 46
+#define IPV6CTL_RTHDR0_ALLOWED 46
+#define IPV6CTL_MAXID 47
 #endif /* __BSD_VISIBLE */
 /*
diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
index 1dc69342c439..f5f97e25ac7c 100644
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@ -314,6 +314,8 @@ time_t ip6_log_time = (time_t)0L;
 #ifdef IPSTEALTH
 int ip6stealth = 0;
 #endif
+int ip6_rthdr0_allowed = 0; /* Disallow use of routing header 0 */
+ /* by default. */
 /* icmp6 */
 /*
@@ -452,6 +454,9 @@ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS,
 SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
 &ip6stealth, 0, "");
 #endif
+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED,
+ rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
+
 /* net.inet6.icmp6 */
 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
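Review bot: The new IPV6CTL_RTHDR0_ALLOWED define in the in6.h hunk takes the slot that IPV6CTL_MAXID previously held, so no existing sysctl id is renumbered, which is the right way to extend this table. If this header also carries an IPV6CTL_NAMES array indexed by these ids (it would be outside the hunk), that array needs a matching `{ "rthdr0_allowed", CTLTYPE_INT }` entry, or it and IPV6CTL_MAXID fall out of step. A short comment on the define would help readers who meet the id without the advisory context, e.g. `#define IPV6CTL_RTHDR0_ALLOWED 46 /* accept type 0 routing headers; see SA-07:03 */`.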
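Review bot: The SYSCTL_INT added in the second in6_proto.c hunk registers net.inet6.ip6.rthdr0_allowed with an empty description string, so the knob that re-enables the behaviour disabled by FreeBSD-SA-07:03.ipv6 shows no explanation to an administrator querying sysctl descriptions. The neighbouring stealth sysctl does the same, but a security-relevant switch deserves one; I would write `rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "Allow processing of IPv6 type 0 routing headers (off by default)");`. In the first hunk of this file, the definition's comment is split into two fragments (`/* Disallow use of routing header 0 */` on one line and `/* by default. */` on the next), which reads as two unrelated comments; a single `/* Type 0 routing header processing is disabled by default (SA-07:03). */` says the same thing in one piece.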
diff --git a/sys/netinet6/route6.c b/sys/netinet6/route6.c
index aa2544035029..6a44a558f730 100644
--- a/sys/netinet6/route6.c
+++ b/sys/netinet6/route6.c
@@ -48,6 +48,8 @@
 #include <netinet/icmp6.h>
+extern int ip6_rthdr0_allowed;
+
 static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
 struct ip6_rthdr0 *));
@@ -87,6 +89,8 @@ route6_input(mp, offp, proto)
 switch (rh->ip6r_type) {
 case IPV6_RTHDR_TYPE_0:
+ if (!ip6_rthdr0_allowed)
+ return (IPPROTO_DONE);
 rhlen = (rh->ip6r_len + 1) << 3;
 #ifndef PULLDOWN_TEST
 /* |
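Review bot: The `extern int ip6_rthdr0_allowed;` in the first route6.c hunk declares a net.inet6.ip6 tunable locally in a .c file instead of in the header that is shared with its definition in in6_proto.c, so the compiler never checks the two declarations against each other and any other file that consults the flag will have to repeat the extern. If ip6_var.h is where the other ip6_ tunables defined in in6_proto.c are declared, put `extern int ip6_rthdr0_allowed;` there next to them and drop this line.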
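Review bot: The early `return (IPPROTO_DONE)` added under IPV6_RTHDR_TYPE_0 in the second route6.c hunk leaves the function without disposing of the packet. IPPROTO_DONE tells the IPv6 input path that the extension-header handler has finished with the mbuf, so the handler is responsible for freeing it; unless the caller frees on IPPROTO_DONE (the rest of route6_input is outside the hunk), every dropped RH0 packet leaks an mbuf, which turns a fix for one remotely triggered problem into a remotely triggered resource drain. The drop is also not counted anywhere, so an operator has no way to see that type 0 headers are arriving and being discarded. Free the packet and bump a statistic, using the function's local mbuf pointer from the part of the body outside the hunk; alternatively, let a disallowed RH0 fall through to the switch's default case so it gets the same treatment as an unknown routing type.
```c
	case IPV6_RTHDR_TYPE_0:
		if (!ip6_rthdr0_allowed) {
			/* Disabled by default (SA-07:03): count and release the packet. */
			ip6stat.ip6s_badoptions++;
			m_freem(m);	/* m is the handler's local mbuf pointer, outside the hunk */
			return (IPPROTO_DONE);
		}
		/* … unchanged: rhlen computation and PULLDOWN_TEST length checks … */
```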
