From c8a34d8e58e5938b80d8dcd967390f14dba6bf51 Mon Sep 17 00:00:00 2001
From: yamt
Date: Thu, 17 May 2007 11:48:42 +0000
Subject: [PATCH] remove net.inet6.ip6.rht0 sysctl. it's too dangerous compared to its benefit. strongly requested by itojun@. ok'ed by core@.
---
 sys/netinet6/ip6_input.c | 36 ++---------------------
 sys/netinet6/ip6_var.h | 3 +-
 sys/netinet6/route6.c | 63 +++++++++++++++++++++++++---------------
 3 files changed, 42 insertions(+), 60 deletions(-)
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index deff32a9d2f3..160b404357aa 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_input.c,v 1.105 2007/05/06 02:29:33 dyoung Exp $ */
+/* $NetBSD: ip6_input.c,v 1.106 2007/05/17 11:48:42 yamt Exp $ */
 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
 /*
@@ -62,7 +62,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.105 2007/05/06 02:29:33 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.106 2007/05/17 11:48:42 yamt Exp $");
 #include "opt_inet.h"
 #include "opt_inet6.h"
@@ -1654,31 +1654,6 @@ sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS)
 }
 #endif /* GATEWAY */
-static int
-sysctl_net_inet6_ip6_rht0(SYSCTLFN_ARGS)
-{
- int error, tmp;
- struct sysctlnode node;
-
- node = *rnode;
- tmp = ip6_rht0;
- node.sysctl_data = &tmp;
- error = sysctl_lookup(SYSCTLFN_CALL(&node));
- if (error || newp == NULL)
- return error;
-
- switch (tmp) {
- case -1: /* disable processing */
- case 0: /* disable for host, enable for router */
- case 1: /* enable for all */
- break;
- default:
- return EINVAL;
- }
- ip6_rht0 = tmp;
- return 0;
-}
-
 /*
 * System control for IP6
 */
@@ -1978,11 +1953,4 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup")
 CTL_NET, PF_INET6, IPPROTO_IPV6,
 CTL_CREATE, CTL_EOL);
 #endif
- sysctl_createv(clog, 0, NULL, NULL,
- CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
- CTLTYPE_INT, "rht0",
- SYSCTL_DESCR("Processing of routing header type 0 (IPv6)"),
- sysctl_net_inet6_ip6_rht0, 0, &ip6_rht0, 0,
- CTL_NET, PF_INET6, IPPROTO_IPV6,
- CTL_CREATE, CTL_EOL);
 }
diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
index d3ab16135c4c..8561d4cd19ce 100644
--- a/sys/netinet6/ip6_var.h
+++ b/sys/netinet6/ip6_var.h
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_var.h,v 1.43 2007/05/02 20:40:27 dyoung Exp $ */
+/* $NetBSD: ip6_var.h,v 1.44 2007/05/17 11:48:42 yamt Exp $ */
 /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
 /*
@@ -306,7 +306,6 @@ extern int ip6_use_defzone; /* whether to use the default scope zone
 extern int ip6_maxflows; /* maximum amount of flows for ip6ff */
 extern int ip6_hashsize; /* size of hash table */
 #endif
-extern int ip6_rht0; /* processing routing header type 0 */
 struct in6pcb;
diff --git a/sys/netinet6/route6.c b/sys/netinet6/route6.c
index 2499b694e2ee..ae70d36bdf9d 100644
--- a/sys/netinet6/route6.c
+++ b/sys/netinet6/route6.c
@@ -1,4 +1,4 @@
-/* $NetBSD: route6.c,v 1.18 2007/04/22 19:47:41 christos Exp $ */
+/* $NetBSD: route6.c,v 1.19 2007/05/17 11:48:43 yamt Exp $ */
 /* $KAME: route6.c,v 1.22 2000/12/03 00:54:00 itojun Exp $ */
 /*
@@ -31,7 +31,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.18 2007/04/22 19:47:41 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.19 2007/05/17 11:48:43 yamt Exp $");
 #include
 #include
@@ -49,9 +49,9 @@ __KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.18 2007/04/22 19:47:41 christos Exp $")
 #include
-int ip6_rht0 = -1; /* disabled by default */
-
+#if 0
 static int ip6_rthdr0(struct mbuf *, struct ip6_hdr *, struct ip6_rthdr0 *);
+#endif
 int
 route6_input(struct mbuf **mp, int *offp, int proto)
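Review bot: The `#if 0` / `#endif` pair added around the `ip6_rthdr0` prototype in the last route6.c hunk here, together with the matching pairs in the later hunks around the `case IPV6_RTHDR_TYPE_0:` arm and the `ip6_rthdr0()` definition, leaves the type 0 forwarding code in the tree as unlabelled dead code. The commit message calls the feature too dangerous to keep switchable, so deleting the three regions outright would be cleaner; revision history still holds the code. If it is kept for reference, each guard should say why it is disabled, for example `#if 0 /* RH0 processing disabled, see route6_input() */` closed by `#endif /* 0 */`, so that nobody re-enables one region without understanding the other two.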
@@ -69,28 +69,41 @@ route6_input(struct mbuf **mp, int *offp, int proto)
 }
 switch (rh->ip6r_type) {
+#if 0
+ /*
+ * See http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
+ * for why IPV6_RTHDR_TYPE_0 is banned here.
+ *
+ * We return ICMPv6 parameter problem so that innocent people
+ * (not an attacker) would notice about the use of IPV6_RTHDR_TYPE_0.
+ * Since there's no amplification, and ICMPv6 error will be rate-
+ * controlled, it shouldn't cause any problem.
+ * If you are concerned about this, you may want to use the following
+ * code fragment:
+ *
+ * case IPV6_RTHDR_TYPE_0:
+ * m_freem(m);
+ * return (IPPROTO_DONE);
+ */
 case IPV6_RTHDR_TYPE_0:
- if ((ip6_forwarding && ip6_rht0 == 0) || ip6_rht0 > 0) {
- rhlen = (rh->ip6r_len + 1) << 3;
- /*
- * note on option length:
- * maximum rhlen: 2048
- * max mbuf m_pulldown can handle: MCLBYTES == usually
- * 2048 so, here we are assuming that m_pulldown can
- * handle hlen == 2048 case. This may not be a good
- * thing to assume - we may want to avoid pulling it
- * up altogether.
- */
- IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen);
- if (rh == NULL) {
- ip6stat.ip6s_tooshort++;
- return IPPROTO_DONE;
- }
- if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh))
- return IPPROTO_DONE;
- break;
+ rhlen = (rh->ip6r_len + 1) << 3;
+ /*
+ * note on option length:
+ * maximum rhlen: 2048
+ * max mbuf m_pulldown can handle: MCLBYTES == usually 2048
+ * so, here we are assuming that m_pulldown can handle
+ * rhlen == 2048 case. this may not be a good thing to
+ * assume - we may want to avoid pulling it up altogether.
+ */
+ IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen);
+ if (rh == NULL) {
+ ip6stat.ip6s_tooshort++;
+ return IPPROTO_DONE;
 }
- /*FALLTHROUGH*/
+ if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh))
+ return (IPPROTO_DONE);
+ break;
+#endif
 default:
 /* unknown routing type */
 if (rh->ip6r_segleft == 0) {
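Review bot: The new rationale comment sits inside the `#if 0` region, next to a `case` label that is no longer compiled, while the behaviour it describes now comes from the `default:` arm below it. It says a type 0 header is answered with an ICMPv6 parameter problem, but `default:` opens with `if (rh->ip6r_segleft == 0) {`, so a type 0 header with no segments left appears to take a different path; that branch's body is outside the hunk, so this needs confirming. I would move the comment to just above `default:`, starting with something like `/* IPV6_RTHDR_TYPE_0 is deliberately not handled; it takes the unknown-type path below. */`, and have it describe the segleft == 0 case as well once confirmed. The drop-silently fragment quoted in the comment should also note that it has to be added outside the `#if 0` block to take effect.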
@@ -107,6 +120,7 @@ route6_input(struct mbuf **mp, int *offp, int proto)
 return (rh->ip6r_nxt);
 }
+#if 0
 /*
 * Type0 routing header processing
 *
@@ -208,3 +222,4 @@ ip6_rthdr0(m, ip6, rh0)
 m_freem(m);
 return (-1);
 }
+#endif