diff options
| author | Hajimu UMEMOTO <ume@FreeBSD.org> | 2005-07-25 12:31:43 +0000 |
|---|---|---|
| committer | Hajimu UMEMOTO <ume@FreeBSD.org> | 2005-07-25 12:31:43 +0000 |
| commit | a1f7e5f8ee7fee62414af8d3a3008313cfd2cb17 (patch) | |
| tree | 5a678f63b25976c30f74f3bad9edb6f708c52930 /sys/netinet6/ip6_mroute.c | |
| parent | 869de95743d527dda9d81d06b0e74cd5e95f8f9c (diff) | |
| download | src-a1f7e5f8ee7fee62414af8d3a3008313cfd2cb17.tar.gz src-a1f7e5f8ee7fee62414af8d3a3008313cfd2cb17.zip | |
scope cleanup. with this change
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from: KAME
Notes
Notes:
svn path=/head/; revision=148385
Diffstat (limited to 'sys/netinet6/ip6_mroute.c')
| -rw-r--r-- | sys/netinet6/ip6_mroute.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c index 64ce31158560..e0d86deff4bb 100644 --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -109,6 +109,7 @@ #include <netinet/ip6.h> #include <netinet6/ip6_var.h> +#include <netinet6/scope6_var.h> #include <netinet6/nd6.h> #include <netinet6/ip6_mroute.h> #include <netinet6/pim6.h> @@ -1290,7 +1291,9 @@ ip6_mdq(m, ifp, rt) mifi_t mifi, iif; struct mif6 *mifp; int plen = m->m_pkthdr.len; - u_int32_t dscopein, sscopein; + struct in6_addr src0, dst0; /* copies for local work */ + u_int32_t iszone, idzone, oszone, odzone; + int error = 0; /* * Macro to send packet on mif. Since RSVP packets don't get counted on @@ -1422,13 +1425,15 @@ ip6_mdq(m, ifp, rt) * For each mif, forward a copy of the packet if there are group * members downstream on the interface. */ - if (in6_addr2zoneid(ifp, &ip6->ip6_dst, &dscopein) || - in6_addr2zoneid(ifp, &ip6->ip6_src, &sscopein)) - return (EINVAL); + src0 = ip6->ip6_src; + dst0 = ip6->ip6_dst; + if ((error = in6_setscope(&src0, ifp, &iszone)) != 0 || + (error = in6_setscope(&dst0, ifp, &idzone)) != 0) { + ip6stat.ip6s_badscope++; + return (error); + } for (mifp = mif6table, mifi = 0; mifi < nummifs; mifp++, mifi++) { if (IF_ISSET(mifi, &rt->mf6c_ifset)) { - u_int32_t dscopeout, sscopeout; - /* * check if the outgoing packet is going to break * a scope boundary. @@ -1438,14 +1443,12 @@ ip6_mdq(m, ifp, rt) if (!(mif6table[rt->mf6c_parent].m6_flags & MIFF_REGISTER) && !(mif6table[mifi].m6_flags & MIFF_REGISTER)) { - if (in6_addr2zoneid(mif6table[mifi].m6_ifp, - &ip6->ip6_dst, - &dscopeout) || - in6_addr2zoneid(mif6table[mifi].m6_ifp, - &ip6->ip6_src, - &sscopeout) || - dscopein != dscopeout || - sscopein != sscopeout) { + if (in6_setscope(&src0, mif6table[mifi].m6_ifp, + &oszone) || + in6_setscope(&dst0, mif6table[mifi].m6_ifp, + &odzone) || + iszone != oszone || + idzone != odzone) { ip6stat.ip6s_badscope++; continue; } |