From: Harlan Stenn <stenn@ntp.org>
Date: Thu, 18 Dec 2014 13:11:35 +0000 (+0000)
Subject: [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs: debug output... 
X-Git-Tag: NTP_4_2_8~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ba6ea90c825dedb4395d84bc27f61ec4d751c6f;p=thirdparty%2Fntp.git

[Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs: debug output tweaking

bk: 5492d2879rotbnnuVch_ZC3RAfS8AA
---

diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c
index aa415ccc1..8be7247d3 100644
--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -3450,8 +3450,12 @@ read_network_packet(
 	*/
 
 	if (AF_INET6 == itf->family) {
-		DPRINTF(1, ("Got an IPv6 packet, from <%s> to <%s>\n",
-			stoa(&rb->recv_srcadr), stoa(&itf->sin)));
+		DPRINTF(1, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
+			stoa(&rb->recv_srcadr),
+			IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr),
+			stoa(&itf->sin),
+			!IN6_IS_ADDR_LOOPBACK(&itf->sin)
+			));
 	}
 
 	if (   AF_INET6 == itf->family