3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
66 lines
2 KiB
Diff
66 lines
2 KiB
Diff
Index: sys/netinet6/in6.h
|
|
===================================================================
|
|
RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6.h,v
|
|
retrieving revision 1.36.2.7
|
|
diff -u -r1.36.2.7 in6.h
|
|
--- sys/netinet6/in6.h 20 Aug 2006 19:28:43 -0000 1.36.2.7
|
|
+++ sys/netinet6/in6.h 24 Apr 2007 03:11:29 -0000
|
|
@@ -574,5 +574,6 @@
|
|
#define IPV6CTL_STEALTH 45
|
|
-#define IPV6CTL_MAXID 46
|
|
+#define IPV6CTL_RTHDR0_ALLOWED 46
|
|
+#define IPV6CTL_MAXID 47
|
|
#endif /* __BSD_VISIBLE */
|
|
|
|
/*
|
|
Index: sys/netinet6/in6_proto.c
|
|
===================================================================
|
|
RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6_proto.c,v
|
|
retrieving revision 1.32.2.5
|
|
diff -u -r1.32.2.5 in6_proto.c
|
|
--- sys/netinet6/in6_proto.c 16 Oct 2006 15:11:18 -0000 1.32.2.5
|
|
+++ sys/netinet6/in6_proto.c 24 Apr 2007 07:46:54 -0000
|
|
@@ -376,6 +376,8 @@
|
|
#ifdef IPSTEALTH
|
|
int ip6stealth = 0;
|
|
#endif
|
|
+int ip6_rthdr0_allowed = 0; /* Disallow use of routing header 0 */
|
|
+ /* by default. */
|
|
|
|
/* icmp6 */
|
|
/*
|
|
@@ -519,6 +521,9 @@
|
|
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
|
|
&ip6stealth, 0, "");
|
|
#endif
|
|
+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED,
|
|
+ rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
|
|
+
|
|
|
|
/* net.inet6.icmp6 */
|
|
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
|
|
Index: sys/netinet6/route6.c
|
|
===================================================================
|
|
RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/route6.c,v
|
|
retrieving revision 1.11.2.1
|
|
diff -u -r1.11.2.1 route6.c
|
|
--- sys/netinet6/route6.c 4 Nov 2005 20:26:15 -0000 1.11.2.1
|
|
+++ sys/netinet6/route6.c 24 Apr 2007 08:06:00 -0000
|
|
@@ -49,6 +49,8 @@
|
|
|
|
#include <netinet/icmp6.h>
|
|
|
|
+extern int ip6_rthdr0_allowed;
|
|
+
|
|
static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
|
|
struct ip6_rthdr0 *));
|
|
|
|
@@ -88,6 +90,8 @@
|
|
|
|
switch (rh->ip6r_type) {
|
|
case IPV6_RTHDR_TYPE_0:
|
|
+ if (!ip6_rthdr0_allowed)
|
|
+ return (IPPROTO_DONE);
|
|
rhlen = (rh->ip6r_len + 1) << 3;
|
|
#ifndef PULLDOWN_TEST
|
|
/*
|