[Bug 203585] update 235959 and 235961 breaks ipv6 layer 4 checksums in ipf
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jul 12 02:14:48 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203585
--- Comment #5 from commit-hook at freebsd.org ---
A commit references this bug:
Author: cy
Date: Fri Jul 12 02:14:07 UTC 2019
New revision: 349931
URL: https://svnweb.freebsd.org/changeset/base/349931
Log:
MFC r349927, r349929:
r349927:
Resolve IPv6 checksum errors with stateful inspection. According to
PR/203585 this appears to have been broken by r235959, which predates
the ipfilter 5.1.2 import into FreeBSD.
The IPv6 checksum calculation is incorrect. To resolve this we call
in6_cksum() to do the the heavy lifting for us, through a new function
ipf_pcksum6(). Should we need to revisit this area again, a DTrace probe
is added to aid with future debugging.
Plus whitespace adjustments (r348989).
PR: 203275, 203585
Differential Revision: https://reviews.freebsd.org/D20583
r349929:
Move the new ipf_pcksum6() function from ip_fil_freebsd.c to fil.c.
The reason for this is that ipftest(8), which still works on FreeBSD-11,
fails to link to it, breaking stable/11 builds.
ipftest(8) was broken (segfault) sometime during the FreeBSD-12 cycle.
glebius@ suggested we disable building it until I can get around to
fixing it. Hence this was not caught in -current.
The intention is to fix ipftest(8) as it is used by the netbsd-tests
(imported by ngie@ many moons ago) for regression testing.
Changes:
_U stable/10/
stable/10/sys/contrib/ipfilter/netinet/fil.c
stable/10/sys/contrib/ipfilter/netinet/ip_fil.h
stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
_U stable/11/
stable/11/sys/contrib/ipfilter/netinet/fil.c
stable/11/sys/contrib/ipfilter/netinet/ip_fil.h
stable/11/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-ipfw
mailing list