upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-03 20:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netinet6
History
Mark Johnston fdad6edfa5 ip: Defer checks for an unspecified dstaddr until after pfil hooks 
To comply with LINCE certification, it's necessary to ensure that
packets to 0.0.0.0/::0 are dropped and logged by the firewall.  Such
packets are dropped by ip_input() and ip6_input() before reaching pfil
hooks; reorder the checks to give firewalls a chance to drop the packets
themselves, as this gives better observability.

Note that ip_forward() and ip6_forward() ensure that such packets are
not forwarded; they are passed back unmodified.
2024-12-17 16:27:06 +01:00
..
dest6.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
frag6.c rss: add sysctl enable toggle 2024-06-03 11:06:55 +02:00
icmp6.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
icmp6.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
in6.c carp: check CARP status in in_localip_fib(), in6_localip_fib() 2024-03-28 12:35:45 -07:00
in6.h dummynet: passin after dispatch 2024-06-03 11:06:53 +02:00
in6_cksum.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_fib.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_fib.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in6_fib_algo.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_gif.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_ifattach.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_ifattach.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
in6_jail.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_mcast.c netinet: Remove stale references to Giant from comments 2024-02-03 14:10:36 -05:00
in6_pcb.c rss: add sysctl enable toggle 2024-06-03 11:06:55 +02:00
in6_pcb.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
in6_proto.c netinet6: Add sysctl flag CTLFLAG_TUN to loader tunables 2023-10-02 08:49:37 +08:00
in6_rmx.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_rss.c sys: Remove $FreeBSD$: two-line .c pattern 2023-08-16 11:54:30 -06:00
in6_rss.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in6_src.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in6_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ip6.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ip6_ecn.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ip6_fastfwd.c ip: Defer checks for an unspecified dstaddr until after pfil hooks 2024-12-17 16:27:06 +01:00
ip6_forward.c netinet6: routed label was misplaced, checking non-shared-forward case 2024-07-20 21:30:32 +02:00
ip6_gre.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip6_id.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip6_input.c ip: Defer checks for an unspecified dstaddr until after pfil hooks 2024-12-17 16:27:06 +01:00
ip6_mroute.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip6_mroute.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ip6_output.c rss: add sysctl enable toggle 2024-06-03 11:06:55 +02:00
ip6_var.h pf|ipfw|netinet6?: shared IP forwarding 2024-06-03 11:06:55 +02:00
ip_fw_nat64.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ip_fw_nptv6.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
mld6.c sys: Use mbufq_empty instead of comparing mbufq_len against 0 2024-01-18 14:37:29 -08:00
mld6.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
mld6_var.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
nd6.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
nd6.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
nd6_nbr.c netinet6: Fix two typos in source code comments 2024-01-25 07:46:35 +01:00
nd6_rtr.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
pim6.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
pim6_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
raw_ip6.c inpcb: reoder inpcb destruction 2024-01-08 16:29:38 -08:00
raw_ip6.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
route6.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
scope6.c netinet6: Fix two typos in source code comments 2024-01-25 07:46:35 +01:00
scope6_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
sctp6_usrreq.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp6_var.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
send.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
send.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
tcp6_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
udp6_usrreq.c Add UDP encapsulation of ESP in IPv6 2024-06-10 14:33:01 +02:00
udp6_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00