kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6
packets
crest
crest at informatik.uni-bremen.de
Mon Jun 6 23:46:16 UTC 2011
On 04.06.2011, at 15:00, Manuel Kasper wrote:
> The following reply was made to PR kern/157239; it has been noted by GNATS.
>
> Also, I believe I've found the cause: ipfw/dummynet code uses =
> SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently =
> swapping the next header and hop limit fields in the IPv6 header, =
> causing the "Unknown Extension Header" warnings and dropped packets (or =
> bad packets appearing on the wire if =
> net.inet6.ip6.fw.deny_unknown_exthdrs=3D0).
>
> A patch against 8.2-RELEASE that fixes this issue for me is attached - =
> Jan, could you please verify if this fixes the issue for you too?
I tested the patch and it solved the problem for a simple test setup. I'll test it in a more complex setup this evening/ night (TZ=CEST).
More information about the freebsd-ipfw
mailing list