[Bug 203585] update 235959 and 235961 breaks ipv6 layer 4 checksums in ipf
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jun 12 11:08:22 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203585
--- Comment #3 from commit-hook at freebsd.org ---
A commit references this bug:
Author: cy
Date: Wed Jun 12 11:06:59 UTC 2019
New revision: 348987
URL: https://svnweb.freebsd.org/changeset/base/348987
Log:
Resolve IPv6 checksum errors with stateful inspection. According to
PR/203585 this appears to have been broken by r235959, which predates
the ipfilter 5.1.2 import into FreeBSD.
The IPv6 checksum calculation is incorrect. To resolve this we call
in6_cksum() to do the the heavy lifting for us, through a new function
ipf_pcksum6(). Should we need to revisit this area again, a DTrace probe
is added to aid with future debugging.
PR: 203275, 203585
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20583
Changes:
head/sys/contrib/ipfilter/netinet/fil.c
head/sys/contrib/ipfilter/netinet/ip_fil.h
head/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-ipfw
mailing list