IPv6 MLD packets blocked
Daniel Hartmeier
daniel at benzedrine.cx
Sat Dec 4 17:29:24 PST 2004
Can you try the patch below? I was able to reproduce the problem and
this solves it for me.
Daniel
Index: pf.c
===================================================================
RCS file: /cvs/freebsd/src/sys/contrib/pf/net/pf.c,v
retrieving revision 1.23
diff -u -r1.23 pf.c
--- pf.c 24 Nov 2004 00:43:34 -0000 1.23
+++ pf.c 5 Dec 2004 01:29:17 -0000
@@ -6334,7 +6334,8 @@
goto done;
}
if (dir == PF_IN && pf_check_proto_cksum(m, off,
- ntohs(h->ip6_plen), IPPROTO_TCP, AF_INET6)) {
+ ntohs(h->ip6_plen) - (off - sizeof(struct ip6_hdr)),
+ IPPROTO_TCP, AF_INET6)) {
action = PF_DROP;
goto done;
}
@@ -6372,7 +6373,8 @@
goto done;
}
if (dir == PF_IN && uh.uh_sum && pf_check_proto_cksum(m,
- off, ntohs(h->ip6_plen), IPPROTO_UDP, AF_INET6)) {
+ off, ntohs(h->ip6_plen) - (off - sizeof(struct ip6_hdr)),
+ IPPROTO_UDP, AF_INET6)) {
action = PF_DROP;
goto done;
}
@@ -6411,7 +6413,8 @@
goto done;
}
if (dir == PF_IN && pf_check_proto_cksum(m, off,
- ntohs(h->ip6_plen), IPPROTO_ICMPV6, AF_INET6)) {
+ ntohs(h->ip6_plen) - (off - sizeof(struct ip6_hdr)),
+ IPPROTO_ICMPV6, AF_INET6)) {
action = PF_DROP;
goto done;
}
More information about the freebsd-pf
mailing list