[src/trunk]: src/sys/netinet6 When handling NS/NA we need to check our prefix...

[roy <roy%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a6c1ffaf9ccb
branches:  trunk
changeset: 325952:a6c1ffaf9ccb
user:      roy <roy%NetBSD.org@localhost>
date:      Mon Jan 13 18:23:36 2014 +0000

description:
When handling NS/NA we need to check our prefix list instead of our
address list to work out if it came from a valid neighbor.

diffstat:

 sys/netinet6/nd6_nbr.c |  16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diffs (57 lines):

diff -r 28cde29f6755 -r a6c1ffaf9ccb sys/netinet6/nd6_nbr.c
--- a/sys/netinet6/nd6_nbr.c    Mon Jan 13 15:48:09 2014 +0000
+++ b/sys/netinet6/nd6_nbr.c    Mon Jan 13 18:23:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: nd6_nbr.c,v 1.98 2013/05/21 09:54:12 roy Exp $ */
+/*     $NetBSD: nd6_nbr.c,v 1.99 2014/01/13 18:23:36 roy Exp $ */
 /*     $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $        */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.98 2013/05/21 09:54:12 roy Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.99 2014/01/13 18:23:36 roy Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -143,10 +143,13 @@
                        goto bad;
                }
        } else {
+               struct sockaddr_in6 ssin6;
+
                /*
                 * Make sure the source address is from a neighbor's address.
                 */
-               if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
+               sockaddr_in6_init(&ssin6, &saddr6, 0, 0, 0);
+               if (nd6_is_addr_neighbor(&ssin6, ifp) == 0) {
                        nd6log((LOG_INFO, "nd6_ns_input: "
                            "NS packet from non-neighbor\n"));
                        goto bad;
@@ -563,6 +566,7 @@
        struct rtentry *rt;
        struct sockaddr_dl *sdl;
        union nd_opts ndopts;
+       struct sockaddr_in6 ssin6;
 
        if (ip6->ip6_hlim != 255) {
                nd6log((LOG_ERR,
@@ -637,11 +641,13 @@
                    ip6_sprintf(&taddr6));
                goto freeit;
        }
+
        /*
         * Make sure the source address is from a neighbor's address.
         */
-       if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
-               nd6log((LOG_INFO, "nd6_ns_input: "
+       sockaddr_in6_init(&ssin6, &saddr6, 0, 0, 0);
+       if (nd6_is_addr_neighbor(&ssin6, ifp) == 0) {
+               nd6log((LOG_INFO, "nd6_na_input: "
                    "ND packet from non-neighbor\n"));
                goto bad;
        }