kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6
Joost Bekkers
joost at jodocus.org
Thu May 11 17:20:34 UTC 2006
The following reply was made to PR kern/88664; it has been noted by GNATS.
From: Joost Bekkers <joost at jodocus.org>
To: bug-followup at FreeBSD.org, jylefort at FreeBSD.org
Cc:
Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6
Date: Thu, 11 May 2006 18:58:46 +0200
The included patch fixes the problem, well for me anyway.
Can somebody check if this is 'the right thing' (tm) ?
--- ip_fw2.c-6.1R Thu May 11 18:02:22 2006
+++ ip_fw2.c Thu May 11 17:59:34 2006
@@ -671,17 +671,21 @@
static __inline int
hash_packet6(struct ipfw_flow_id *id)
{
u_int32_t i;
i = (id->dst_ip6.__u6_addr.__u6_addr32[0]) ^
(id->dst_ip6.__u6_addr.__u6_addr32[1]) ^
(id->dst_ip6.__u6_addr.__u6_addr32[2]) ^
(id->dst_ip6.__u6_addr.__u6_addr32[3]) ^
- (id->dst_port) ^ (id->src_port) ^ (id->flow_id6);
+ (id->src_ip6.__u6_addr.__u6_addr32[0]) ^
+ (id->src_ip6.__u6_addr.__u6_addr32[1]) ^
+ (id->src_ip6.__u6_addr.__u6_addr32[2]) ^
+ (id->src_ip6.__u6_addr.__u6_addr32[3]) ^
+ (id->dst_port) ^ (id->src_port);
return i;
}
static int
is_icmp6_query(int icmp6_type)
{
if ((icmp6_type <= ICMP6_MAXTYPE) &&
(icmp6_type == ICMP6_ECHO_REQUEST ||
--
greetz Joost
joost at jodocus.org
More information about the freebsd-ipfw
mailing list