git: 0418e6690e91 - main - ipfw: Teach ipfw that EtherIP is an upper layer protocol
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 16 Sep 2025 16:00:29 UTC
The branch main has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=0418e6690e91aa6c38dd9af9da43c4c5a9dc1cd2
commit 0418e6690e91aa6c38dd9af9da43c4c5a9dc1cd2
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-09-16 15:58:24 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-09-16 15:58:24 +0000
ipfw: Teach ipfw that EtherIP is an upper layer protocol
so that we do not discard EtherIP packets ( over IPv6 network ) when
net.inet6.ip6.fw.deny_unknown_exthdrs is set to 1 ( which is the default
value ).
PR: 227450
Reviewed by: ae, #network
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52566
---
sys/netpfil/ipfw/ip_fw2.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 3f810533b7fc..b59d8d08bf80 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -67,6 +67,7 @@
#include <net/route/nhop.h>
#include <net/pfil.h>
#include <net/vnet.h>
+#include <net/if_gif.h>
#include <net/if_pfsync.h>
#include <netpfil/pf/pf_mtag.h>
@@ -1757,6 +1758,12 @@ do { \
PULLUP_TO(hlen, ulp, struct ip);
break;
+ case IPPROTO_ETHERIP: /* RFC 3378 */
+ PULLUP_LEN(hlen, ulp,
+ sizeof(struct etherip_header) +
+ sizeof(struct ether_header));
+ break;
+
case IPPROTO_PFSYNC:
PULLUP_TO(hlen, ulp, struct pfsync_header);
break;