diff options
| author | ume <ume@FreeBSD.org> | 2005-07-25 12:31:43 +0000 |
|---|---|---|
| committer | ume <ume@FreeBSD.org> | 2005-07-25 12:31:43 +0000 |
| commit | da2cf62b280b8450d5f8e0d810e810cdcc59a8c0 (patch) | |
| tree | 5a678f63b25976c30f74f3bad9edb6f708c52930 /sys/net/if_gif.c | |
| parent | 59bc7b0da19f008a39ee92249e92f8246f04394e (diff) | |
| download | FreeBSD-src-da2cf62b280b8450d5f8e0d810e810cdcc59a8c0.zip FreeBSD-src-da2cf62b280b8450d5f8e0d810e810cdcc59a8c0.tar.gz | |
scope cleanup. with this change
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from: KAME
Diffstat (limited to 'sys/net/if_gif.c')
| -rw-r--r-- | sys/net/if_gif.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 3291321..d5c7cd7 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -74,6 +74,7 @@ #include <netinet6/in6_var.h> #include <netinet/ip6.h> #include <netinet6/ip6_var.h> +#include <netinet6/scope6_var.h> #include <netinet6/in6_gif.h> #include <netinet6/ip6protosw.h> #endif /* INET6 */ @@ -679,6 +680,13 @@ gif_ioctl(ifp, cmd, data) if (src->sa_len > size) return EINVAL; bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); +#ifdef INET6 + if (dst->sa_family == AF_INET6) { + error = sa6_recoverscope((struct sockaddr_in6 *)dst); + if (error != 0) + return (error); + } +#endif break; case SIOCGIFPDSTADDR: @@ -711,6 +719,13 @@ gif_ioctl(ifp, cmd, data) if (src->sa_len > size) return EINVAL; bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); +#ifdef INET6 + if (dst->sa_family == AF_INET6) { + error = sa6_recoverscope((struct sockaddr_in6 *)dst); + if (error != 0) + return (error); + } +#endif break; case SIOCGLIFPHYADDR: @@ -832,6 +847,16 @@ gif_set_tunnel(ifp, src, dst) #endif #ifdef INET6 case AF_INET6: + /* + * Check validity of the scope zone ID of the addresses, and + * convert it into the kernel internal form if necessary. + */ + error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0); + if (error != 0) + break; + error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0); + if (error != 0) + break; error = in6_gif_attach(sc); break; #endif |
