git: 1a9f9b4e38c3 - stable/13 - ipfw: Teach ipfw that EtherIP is an upper layer protocol
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 04 Oct 2025 16:44:33 UTC
The branch stable/13 has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=1a9f9b4e38c370eb505554edba6041542b8ba701
commit 1a9f9b4e38c370eb505554edba6041542b8ba701
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-09-16 15:58:24 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-10-04 16:43:21 +0000
ipfw: Teach ipfw that EtherIP is an upper layer protocol
so that we do not discard EtherIP packets ( over IPv6 network ) when
net.inet6.ip6.fw.deny_unknown_exthdrs is set to 1 ( which is the default
value ).
PR: 227450
Reviewed by: ae, #network
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52566
(cherry picked from commit 0418e6690e91aa6c38dd9af9da43c4c5a9dc1cd2)
(cherry picked from commit b1c96e54b906d0cdea0b5a9c74cc295803dfe50e)
(cherry picked from commit b4c6c3db0379a5b3d34143325805cd7e68cf3d9a)
---
sys/netpfil/ipfw/ip_fw2.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 2e306d9e291c..efcb269a4831 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -66,6 +66,7 @@
#include <net/route/nhop.h>
#include <net/pfil.h>
#include <net/vnet.h>
+#include <net/if_gif.h>
#include <netpfil/pf/pf_mtag.h>
@@ -1702,6 +1703,12 @@ do { \
PULLUP_TO(hlen, ulp, struct ip);
break;
+ case IPPROTO_ETHERIP: /* RFC 3378 */
+ PULLUP_LEN(hlen, ulp,
+ sizeof(struct etherip_header) +
+ sizeof(struct ether_header));
+ break;
+
default:
if (V_fw_verbose)
printf("IPFW2: IPV6 - Unknown "