svn commit: r201740 - head/sys/netinet/ipfw
Luigi Rizzo
luigi at FreeBSD.org
Thu Jan 7 12:00:54 UTC 2010
Author: luigi
Date: Thu Jan 7 12:00:54 2010
New Revision: 201740
URL: http://svn.freebsd.org/changeset/base/201740
Log:
check that we have an ipv4 packet before swapping ip_len and ip_off.
This should fix the handling of ipv6 packets which i broke when i
made ipfw operate on packets in network format.
Reported by: Hajimu UMEMOTO
Modified:
head/sys/netinet/ipfw/ip_fw_pfil.c
Modified: head/sys/netinet/ipfw/ip_fw_pfil.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw_pfil.c Thu Jan 7 11:54:36 2010 (r201739)
+++ head/sys/netinet/ipfw/ip_fw_pfil.c Thu Jan 7 12:00:54 2010 (r201740)
@@ -104,7 +104,8 @@ ipfw_check_hook(void *arg, struct mbuf *
int ret;
/* all the processing now uses ip_len in net format */
- SET_NET_IPLEN(mtod(*m0, struct ip *));
+ if (mtod(*m0, struct ip *)->ip_v == 4)
+ SET_NET_IPLEN(mtod(*m0, struct ip *));
/* convert dir to IPFW values */
dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT;
@@ -236,7 +237,7 @@ again:
FREE_PKT(*m0);
*m0 = NULL;
}
- if (*m0)
+ if (*m0 && mtod(*m0, struct ip *)->ip_v == 4)
SET_HOST_IPLEN(mtod(*m0, struct ip *));
return ret;
}
More information about the svn-src-all
mailing list