diff options
| author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2019-12-06 16:42:58 +0000 |
|---|---|---|
| committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2019-12-06 16:42:58 +0000 |
| commit | b745e7623c887543bf2eabe8a69dbd7c5c9e67d2 (patch) | |
| tree | b982dd2a7fa3b9ec935e814cc29a89b4a75dd936 | |
| parent | dad68fc301320e163995beb3cf929c846d7fa442 (diff) | |
Notes
| -rw-r--r-- | sys/netinet6/ip6_input.c | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 22797ff5d3ba..431941dcad10 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -897,24 +897,6 @@ passin: return; } - ip6 = mtod(m, struct ip6_hdr *); - - /* - * Malicious party may be able to use IPv4 mapped addr to confuse - * tcp/udp stack and bypass security checks (act as if it was from - * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. - * - * For SIIT end node behavior, you may want to disable the check. - * However, you will become vulnerable to attacks using IPv4 mapped - * source. - */ - if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || - IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { - IP6STAT_INC(ip6s_badscope); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } - /* * Tell launch routine the next header */ |