Source-Changes-HG archive


[src/trunk]: src/sys Remove the kernel RH0 code. RH0 is deprecated by RFC5095...



details:   https://anonhg.NetBSD.org/src/rev/d6c796329c4b
branches:  trunk
changeset: 361304:d6c796329c4b
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Apr 23 07:22:54 2018 +0000

description:
Remove the kernel RH0 code. RH0 is deprecated by RFC5095, for security
reasons. RH0 was already removed in the kernel's input path, but some
parts were still present in the output path: they are now removed.

Sent on tech-net@ a few days ago.

diffstat:

 sys/netinet6/ip6_output.c |  37 ++++---------------------------------
 sys/netipsec/xform_ah.c   |  40 ++--------------------------------------
 2 files changed, 6 insertions(+), 71 deletions(-)

diffs (138 lines):

diff -r 36a549214bd6 -r d6c796329c4b sys/netinet6/ip6_output.c
--- a/sys/netinet6/ip6_output.c Mon Apr 23 07:13:50 2018 +0000
+++ b/sys/netinet6/ip6_output.c Mon Apr 23 07:22:54 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $    */
+/*     $NetBSD: ip6_output.c,v 1.205 2018/04/23 07:22:54 maxv Exp $    */
 /*     $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $    */
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.205 2018/04/23 07:22:54 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -143,34 +143,11 @@
 static int
 ip6_handle_rthdr(struct ip6_rthdr *rh, struct ip6_hdr *ip6)
 {
-       struct ip6_rthdr0 *rh0;
-       struct in6_addr *addr;
-       struct sockaddr_in6 sa;
        int error = 0;
 
        switch (rh->ip6r_type) {
        case IPV6_RTHDR_TYPE_0:
-               rh0 = (struct ip6_rthdr0 *)rh;
-               addr = (struct in6_addr *)(rh0 + 1);
-
-               /*
-                * construct a sockaddr_in6 form of the first hop.
-                *
-                * XXX we may not have enough information about its scope zone;
-                * there is no standard API to pass the information from the
-                * application.
-                */
-               sockaddr_in6_init(&sa, addr, 0, 0, 0);
-               error = sa6_embedscope(&sa, ip6_use_defzone);
-               if (error != 0)
-                       break;
-               memmove(&addr[0], &addr[1],
-                   sizeof(struct in6_addr) * (rh0->ip6r0_segleft - 1));
-               addr[rh0->ip6r0_segleft - 1] = ip6->ip6_dst;
-               ip6->ip6_dst = sa.sin6_addr;
-               /* XXX */
-               in6_clearscope(addr + rh0->ip6r0_segleft - 1);
-               break;
+               /* Dropped, RFC5095. */
        default:        /* is it possible? */
                error = EINVAL;
        }
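Review bot: The emptied `case IPV6_RTHDR_TYPE_0:` in ip6_handle_rthdr now reaches `default:` only by implicit fallthrough, and the new comment does not say so; a later edit that adds a `break` after the comment would presumably let a type 0 routing header through with `error` still 0, quietly undoing the RFC5095 rejection. Mark the intent explicitly, e.g. `/* Dropped, RFC5095. FALLTHROUGH */`, and do the same for the `IPV6_RTHDR_TYPE_0` case in the later hunk of this file (the switch on `rth->ip6r_type` that returns `EINVAL` as "not supported"). With the body removed, the `ip6` parameter is no longer used in the lines shown and every visible branch sets `EINVAL`, so the leftover `/* is it possible? */` on `default:` could be replaced by a comment stating that no routing header type is accepted on this path. The function continues past the end of the hunk, so the return statement is not visible here.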
@@ -3205,13 +3182,7 @@
                        return (EINVAL);
                switch (rth->ip6r_type) {
                case IPV6_RTHDR_TYPE_0:
-                       if (rth->ip6r_len == 0) /* must contain one addr */
-                               return (EINVAL);
-                       if (rth->ip6r_len % 2) /* length must be even */
-                               return (EINVAL);
-                       if (rth->ip6r_len / 2 != rth->ip6r_segleft)
-                               return (EINVAL);
-                       break;
+                       /* Dropped, RFC5095. */
                default:
                        return (EINVAL);        /* not supported */
                }
diff -r 36a549214bd6 -r d6c796329c4b sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c   Mon Apr 23 07:13:50 2018 +0000
+++ b/sys/netipsec/xform_ah.c   Mon Apr 23 07:22:54 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ah.c,v 1.92 2018/04/19 08:27:39 maxv Exp $       */
+/*     $NetBSD: xform_ah.c,v 1.93 2018/04/23 07:22:54 maxv Exp $       */
 /*     $FreeBSD: xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $    */
 /*     $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.92 2018/04/19 08:27:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.93 2018/04/23 07:22:54 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -273,7 +273,6 @@
 #ifdef INET6
        struct ip6_ext *ip6e;
        struct ip6_hdr ip6;
-       struct ip6_rthdr *rh;
        int alloc, nxt;
 #endif
 
@@ -475,42 +474,7 @@
                                break;
 
                        case IPPROTO_ROUTING:
-                               /*
-                                * Always include routing headers in
-                                * computation.
-                                */
                                ip6e = (struct ip6_ext *)(ptr + off);
-                               rh = (struct ip6_rthdr *)(ptr + off);
-                               /*
-                                * must adjust content to make it look like
-                                * its final form (as seen at the final
-                                * destination).
-                                * we only know how to massage type 0 routing
-                                * header.
-                                */
-                               if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) {
-                                       struct ip6_rthdr0 *rh0;
-                                       struct in6_addr *addr, finaldst;
-                                       int i;
-
-                                       rh0 = (struct ip6_rthdr0 *)rh;
-                                       addr = (struct in6_addr *)(rh0 + 1);
-
-                                       for (i = 0; i < rh0->ip6r0_segleft; i++)
-                                               in6_clearscope(&addr[i]);
-
-                                       finaldst = addr[rh0->ip6r0_segleft - 1];
-                                       memmove(&addr[1], &addr[0],
-                                               sizeof(struct in6_addr) *
-                                               (rh0->ip6r0_segleft - 1));
-
-                                       m_copydata(m, 0, sizeof(ip6), &ip6);
-                                       addr[0] = ip6.ip6_dst;
-                                       ip6.ip6_dst = finaldst;
-                                       m_copyback(m, 0, sizeof(ip6), &ip6);
-
-                                       rh0->ip6r0_segleft = 0;
-                               }
 
                                /* advance */
                                off += ((ip6e->ip6e_len + 1) << 3);


