kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets
Dan Lukes
dan at obluda.cz
Mon Sep 6 11:00:20 UTC 2010
The following reply was made to PR kern/128260; it has been noted by GNATS.
From: Dan Lukes <dan at obluda.cz>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets
Date: Mon, 06 Sep 2010 12:08:48 +0200
The 8.1-RELEASE partially corrects this problem.
But for DIVERT (not the TEE) there are still issues.
For the non-tee case, the header is still unconditionally considered to be
(struct ip). The
ip->ip_off & (IP_MF | IP_OFFMASK)
may be unintentionally true (for an IPv6 packet), then ip_reass will be
called with an IPv6 packet, which is not appropriate.
We still need to check the IP version:
- if (!tee && ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
+ if (ip->ip_v == 4 && !tee && ntohs(ip->ip_off) & (IP_MF |
IP_OFFMASK)) {
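Review bot: the added line is wrapped after "(IP_MF |", so the hunk as posted will not apply cleanly and has to be rejoined into one line; it also carries no file name or @@ header, so the target file and function should be stated. On the condition itself, ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK) sits unparenthesized inside the && chain. It evaluates as intended, but putting the bitwise test in its own parentheses and comparing ip->ip_v against IPVERSION rather than the literal 4 would make the intent explicit.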
Dan
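The misparse described in this message, as an added example that is not part of the original mail or the FreeBSD source: bytes 6-7 of an IPv6 header (Next Header, Hop Limit) sit where struct ip keeps ip_off, so the fragment test fires on ordinary IPv6 packets. The helper names and the sample packets are constructed for illustration; the two mask values match <netinet/ip.h>.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MF      0x2000 /* more-fragments flag */
#define IP_OFFMASK 0x1fff /* fragment-offset mask */

/* Version nibble: top 4 bits of byte 0 in both IPv4 and IPv6 headers. */
static unsigned hdr_version(const uint8_t *pkt) { return pkt[0] >> 4; }

/* ip_off is bytes 6-7 of struct ip in network byte order.
 * In an IPv6 header the same bytes are Next Header and Hop Limit. */
static uint16_t off_field(const uint8_t *pkt)
{
    return (uint16_t)((pkt[6] << 8) | pkt[7]);
}

/* Hypothetical helper: the test without a version check. */
static int frag_test_unchecked(const uint8_t *pkt, int tee)
{
    return !tee && (off_field(pkt) & (IP_MF | IP_OFFMASK)) != 0;
}

/* Hypothetical helper: the same test guarded by the IP version. */
static int frag_test_checked(const uint8_t *pkt, int tee)
{
    return hdr_version(pkt) == 4 && frag_test_unchecked(pkt, tee);
}

/* Constructed IPv6 header: next header 6 (TCP), hop limit 64. */
static const uint8_t sample_ipv6[40] = { 0x60, 0, 0, 0, 0x00, 0x14, 0x06, 0x40 };
/* Constructed IPv4 header, DF set, not fragmented. */
static const uint8_t sample_ipv4[20] = { 0x45, 0, 0, 0x28, 0, 1, 0x40, 0x00 };
/* Constructed IPv4 header, first fragment (MF set). */
static const uint8_t sample_ipv4_frag[20] = { 0x45, 0, 0, 0x28, 0, 1, 0x20, 0x00 };

int main(void)
{
    printf("IPv6 read as ip_off: 0x%04x\n", off_field(sample_ipv6));
    printf("IPv6 unchecked: %d, checked: %d\n",
        frag_test_unchecked(sample_ipv6, 0), frag_test_checked(sample_ipv6, 0));
    printf("IPv4 DF unchecked: %d, checked: %d\n",
        frag_test_unchecked(sample_ipv4, 0), frag_test_checked(sample_ipv4, 0));
    printf("IPv4 MF unchecked: %d, checked: %d\n",
        frag_test_unchecked(sample_ipv4_frag, 0), frag_test_checked(sample_ipv4_frag, 0));
    return 0;
}
```

Because the Hop Limit byte falls entirely inside IP_OFFMASK, any IPv6 packet with a nonzero hop limit passes the unguarded test.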