remove net.inet6.ip6.rht0 sysctl.

it's too dangerous compared to its benefit. strongly requested by itojun@. ok'ed by core@.
2007-05-17 11:48:42 +00:00 · 2007-05-17 11:48:42 +00:00 · c8a34d8e58
parent 961ad7addf
commit c8a34d8e58
3 changed files with 42 additions and 60 deletions
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.105 2007/05/06 02:29:33 dyoung Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.106 2007/05/17 11:48:42 yamt Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/

 /*
@ -62,7 +62,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.105 2007/05/06 02:29:33 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.106 2007/05/17 11:48:42 yamt Exp $");

 #include "opt_inet.h"
 #include "opt_inet6.h"
@ -1654,31 +1654,6 @@ sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS)
 }
 #endif /* GATEWAY */

-static int
-sysctl_net_inet6_ip6_rht0(SYSCTLFN_ARGS)
-{  
-	int error, tmp;
-	struct sysctlnode node;
-
-	node = *rnode;
-	tmp = ip6_rht0;
-	node.sysctl_data = &tmp;
-	error = sysctl_lookup(SYSCTLFN_CALL(&node));
-	if (error || newp == NULL)
-		return error;
-
-	switch (tmp) {
-	case -1:	/* disable processing */
-	case 0:		/* disable for host, enable for router */
-	case 1:		/* enable for all */
-		break;
-	default:
-		return EINVAL;
-	}
-	ip6_rht0 = tmp;
-	return 0;
-}
-
 /*
 * System control for IP6
 */
@ -1978,11 +1953,4 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup")
 			CTL_NET, PF_INET6, IPPROTO_IPV6,
 			CTL_CREATE, CTL_EOL);
 #endif
-	sysctl_createv(clog, 0, NULL, NULL,
-			CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-			CTLTYPE_INT, "rht0",
-			SYSCTL_DESCR("Processing of routing header type 0 (IPv6)"),
-			sysctl_net_inet6_ip6_rht0, 0, &ip6_rht0, 0,
-			CTL_NET, PF_INET6, IPPROTO_IPV6,
-			CTL_CREATE, CTL_EOL);
 }
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_var.h,v 1.43 2007/05/02 20:40:27 dyoung Exp $	*/
+/*	$NetBSD: ip6_var.h,v 1.44 2007/05/17 11:48:42 yamt Exp $	*/
 /*	$KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $	*/

 /*
@ -306,7 +306,6 @@ extern int	ip6_use_defzone; /* whether to use the default scope zone
 extern int      ip6_maxflows;           /* maximum amount of flows for ip6ff */
 extern int	ip6_hashsize;		/* size of hash table */
 #endif
-extern int	ip6_rht0;		/* processing routing header type 0 */

 struct in6pcb;

--- a/sys/netinet6/route6.c
+++ b/sys/netinet6/route6.c
@ -1,4 +1,4 @@
-/*	$NetBSD: route6.c,v 1.18 2007/04/22 19:47:41 christos Exp $	*/
+/*	$NetBSD: route6.c,v 1.19 2007/05/17 11:48:43 yamt Exp $	*/
 /*	$KAME: route6.c,v 1.22 2000/12/03 00:54:00 itojun Exp $	*/

 /*
@ -31,7 +31,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.18 2007/04/22 19:47:41 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.19 2007/05/17 11:48:43 yamt Exp $");

 #include <sys/param.h>
 #include <sys/mbuf.h>
@ -49,9 +49,9 @@ __KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.18 2007/04/22 19:47:41 christos Exp $")

 #include <netinet/icmp6.h>

-int ip6_rht0 = -1;	/* disabled by default */
-
+#if 0
 static int ip6_rthdr0(struct mbuf *, struct ip6_hdr *, struct ip6_rthdr0 *);
+#endif

 int
 route6_input(struct mbuf **mp, int *offp, int proto)
@ -69,28 +69,41 @@ route6_input(struct mbuf **mp, int *offp, int proto)
 	}

 	switch (rh->ip6r_type) {
+#if 0
+	/*
+	 * See http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
+	 * for why IPV6_RTHDR_TYPE_0 is banned here.
+	 *
+	 * We return ICMPv6 parameter problem so that innocent people
+	 * (not an attacker) would notice about the use of IPV6_RTHDR_TYPE_0.
+	 * Since there's no amplification, and ICMPv6 error will be rate-
+	 * controlled, it shouldn't cause any problem.
+	 * If you are concerned about this, you may want to use the following
+	 * code fragment:
+	 *
+	 * case IPV6_RTHDR_TYPE_0:
+	 *	m_freem(m);
+	 *	return (IPPROTO_DONE);
+	 */
 	case IPV6_RTHDR_TYPE_0:
-		if ((ip6_forwarding && ip6_rht0 == 0) || ip6_rht0 > 0) {
-			rhlen = (rh->ip6r_len + 1) << 3;
-			/*
-			 * note on option length:
-			 * maximum rhlen: 2048
-			 * max mbuf m_pulldown can handle: MCLBYTES == usually
-			 * 2048 so, here we are assuming that m_pulldown can
-			 * handle hlen == 2048 case. This may not be a good
-			 * thing to assume - we may want to avoid pulling it
-			 * up altogether.
-			 */
-			IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen);
-			if (rh == NULL) {
-				ip6stat.ip6s_tooshort++;
-				return IPPROTO_DONE;
-			}
-			if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh))
-				return IPPROTO_DONE;
-			break;
+		rhlen = (rh->ip6r_len + 1) << 3;
+		/*
+		 * note on option length:
+		 * maximum rhlen: 2048
+		 * max mbuf m_pulldown can handle: MCLBYTES == usually 2048
+		 * so, here we are assuming that m_pulldown can handle
+		 * rhlen == 2048 case.  this may not be a good thing to
+		 * assume - we may want to avoid pulling it up altogether.
+		 */
+		IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen);
+		if (rh == NULL) {
+			ip6stat.ip6s_tooshort++;
+			return IPPROTO_DONE;
 		}
-		/*FALLTHROUGH*/
+		if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh))
+			return (IPPROTO_DONE);
+		break;
+#endif
 	default:
 		/* unknown routing type */
 		if (rh->ip6r_segleft == 0) {
@ -107,6 +120,7 @@ route6_input(struct mbuf **mp, int *offp, int proto)
 	return (rh->ip6r_nxt);
 }

+#if 0
 /*
 * Type0 routing header processing
 *
@ -208,3 +222,4 @@ ip6_rthdr0(m, ip6, rh0)
 	m_freem(m);
 	return (-1);
 }
+#endif