svn commit: r320941 - head/sys/netpfil/ipfw

Philip Paeps philip at FreeBSD.org
Thu Jul 13 09:01:23 UTC 2017


Author: philip
Date: Thu Jul 13 09:01:22 2017
New Revision: 320941
URL: https://svnweb.freebsd.org/changeset/base/320941

Log:
  Fix GRE over IPv6 tunnels with IPFW
  
  Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless
  net.inet6.ip6.fw.deny_unknown_exthdrs was unset).
  
  PR:		220640
  Submitted by:	Kun Xie <kxie at xiplink.com>
  MFC after:	1 week

Modified:
  head/sys/netpfil/ipfw/ip_fw2.c

Modified: head/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw2.c	Thu Jul 13 08:33:02 2017	(r320940)
+++ head/sys/netpfil/ipfw/ip_fw2.c	Thu Jul 13 09:01:22 2017	(r320941)
@@ -92,6 +92,8 @@ __FBSDID("$FreeBSD$");
 #include <netinet6/ip6_var.h>
 #endif
 
+#include <net/if_gre.h> /* for struct grehdr */
+
 #include <netpfil/ipfw/ip_fw_private.h>
 
 #include <machine/in_cksum.h>	/* XXX for in_cksum */
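Review bot: the added `#include <net/if_gre.h>` sits after the `#endif` that closes the netinet6 includes, so it is pulled in unconditionally, and only to obtain `struct grehdr` for a single `PULLUP_TO`. Confirm that the header compiles in kernel configurations where the conditional block above it is absent, and consider grouping it with any other `net/` includes in the file rather than leaving it on its own between the netinet6 and netpfil groups.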
@@ -1160,6 +1162,11 @@ do {								\
 			case IPPROTO_PIM:
 				/* XXX PIM header check? */
 				PULLUP_TO(hlen, ulp, struct pim);
+				break;
+
+			case IPPROTO_GRE:	/* RFC 1701 */
+				/* XXX GRE header check? */
+				PULLUP_TO(hlen, ulp, struct grehdr);
 				break;
 
 			case IPPROTO_CARP:
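Review bot: the new `case IPPROTO_GRE:` carries `/* XXX GRE header check? */` and does nothing beyond `PULLUP_TO(hlen, ulp, struct grehdr)`, so the only property established is that the packet is long enough to hold the fixed GRE header. RFC 1701, which the case comment cites, makes the checksum, key and sequence fields optional behind flag bits, and none of the flags or the version field are inspected here. Either say in the comment that only the fixed header is pulled up and that flags and version are deliberately not validated, or add the check. Separately, the log says these packets were previously dropped while net.inet6.ip6.fw.deny_unknown_exthdrs was set; with this case they are no longer treated as an unknown extension header, so rule sets that relied on that implicit drop now need an explicit GRE rule. That behaviour change deserves a line in the commit message or release notes.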

