From 74ff87cd16e4ebc65b6e80235869bf44b94ce64f Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Fri, 6 Dec 2019 16:53:42 +0000
Subject: [PATCH] Update comment.

Update the comment related to SIIT and v4mapped addresses being rejected
by us when coming from the wire given we have supported IPv6-only kernels
for a few years now.
See also draft-itojun-v6ops-v4mapped-harmful.

Suggested by:	melifaro
MFC after:	2 weeks
---
 sys/netinet6/ip6_input.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 431941dcad1..4044d590b4b 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -677,11 +677,10 @@ ip6_input(struct mbuf *m)
 	 * and bypass security checks (act as if it was from 127.0.0.1 by using
 	 * IPv6 src ::ffff:127.0.0.1).  Be cautious.
 	 *
-	 * This check chokes if we are in an SIIT cloud.  As none of BSDs
-	 * support IPv4-less kernel compilation, we cannot support SIIT
-	 * environment at all.  So, it makes more sense for us to reject any
-	 * malicious packets for non-SIIT environment, than try to do a
-	 * partial support for SIIT environment.
+	 * We have supported IPv6-only kernels for a few years and this issue
+	 * has not come up.  The world seems to move mostly towards not using
+	 * v4mapped on the wire, so it makes sense for us to keep rejecting
+	 * any such packets.
 	 */
 	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {