ipfw ipv6 problems + patch needing review

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sun Aug 7 19:10:10 GMT 2005


Hi,

with the current implementation of ipfw + IPv6 we ran into a number
of problems.

1st category: syntax. You will find some information about this
on the page at [1].

2nd category: functionality. There had been problems with extension
headers and reading the code we discovered that there was no logging
for IPv6 *joy*. I got told that no reject code for v6 is another
showstopper for moving from ip6fw to ipfw.


There is a   patch at [2]   to address the extension header bug,
Ipv6 logging and TCP RST/ICMPv6 unreach features.
I need feedback on this to get it in before 6.0 so please test
and review and let me know.

The idea is to give people one clear set of things for ipv4 and
one clear set for ipv6. When running v6 using ip or any is almost
impossible with the current implementation apart from the default
rule.

It's a fixup patch to get the functionality in for 6.0 and leave
the cleanup for later. Not more not less.


Greetings
Bjoern A. Zeeb

[1] http://sources.zabbadoz.net/freebsd/ipfw-v6.html
[2] http://sources.zabbadoz.net/freebsd/patchset/ip_fw2.c-rev.1.106-10.diff

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT


More information about the freebsd-ipfw mailing list