kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4
on 6.0-RELEASE
Hajimu UMEMOTO
ume at freebsd.org
Sun Nov 27 05:10:16 GMT 2005
The following reply was made to PR kern/89472; it has been noted by GNATS.
From: Hajimu UMEMOTO <ume at freebsd.org>
To: =?ISO-8859-1?Q?Ga=EBl?= Roualland <gael.roualland at dial.oleane.com>
Cc: FreeBSD-gnats-submit at freebsd.org
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE
Date: Sun, 27 Nov 2005 14:06:17 +0900
Hi,
>>>>> On Sun, 27 Nov 2005 02:15:05 +0100
>>>>> Ga=EBl Roualland <gael.roualland at dial.oleane.com> said:
gael> I applied the patch, and 'show' was fine (except for ipv6 instead of
gael> 41), but it did break my other rules.. Looks like "allow ip from any =
to
gael> any" doesn't match anything anymore...
Oops, please try this patch instead.
Index: sbin/ipfw/ipfw2.c
diff -u -p sbin/ipfw/ipfw2.c.orig sbin/ipfw/ipfw2.c
--- sbin/ipfw/ipfw2.c.orig Sat Aug 20 17:36:57 2005
+++ sbin/ipfw/ipfw2.c Sun Nov 27 13:19:40 2005
@@ -3596,7 +3596,7 @@ add_proto(ipfw_insn *cmd, char *av, u_ch
=20
*proto =3D IPPROTO_IP;
=20
- if (_substrcmp(av, "all") =3D=3D 0)
+ if (_substrcmp(av, "all") =3D=3D 0 || strcmp(av, "ip") =3D=3D 0)
; /* do not set O_IP4 nor O_IP6 */
else if (strcmp(av, "ipv4") =3D=3D 0 || strcmp(av, "ip4") =3D=3D 0)
/* explicit "just IPv4" rule */
@@ -3606,13 +3606,12 @@ add_proto(ipfw_insn *cmd, char *av, u_ch
*proto =3D IPPROTO_IPV6;
fill_cmd(cmd, O_IP6, 0, 0);
} else if ((*proto =3D atoi(av)) > 0)
- ; /* all done! */
- else if ((pe =3D getprotobyname(av)) !=3D NULL)
+ fill_cmd(cmd, O_PROTO, 0, *proto);
+ else if ((pe =3D getprotobyname(av)) !=3D NULL) {
*proto =3D pe->p_proto;
- else
- return NULL;
- if (*proto !=3D IPPROTO_IP && *proto !=3D IPPROTO_IPV6)
fill_cmd(cmd, O_PROTO, 0, *proto);
+ } else
+ return NULL;
=20
return cmd;
}
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
More information about the freebsd-ipfw
mailing list