>Number: 157239 >Category: kern >Synopsis: ipfw + dummynet corrupts ipv6 packets >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat May 21 14:00:21 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Jan Bramkamp >Release: 8.2-RELEASE >Organization: >Environment: FreeBSD test7.crest.dn42 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: Setting two boxes up as described 'how to repeat' results in all IPv6 packets matching rule 100 leaving corrupted with invalid IPv6 option headers (header type = 64 or 255). >How-To-Repeat: # Reproduce 8.2-RELEASE amd64 # on both boxes /etc/rc.conf # ipv6_enable="YES" # ipv6_gateway_enable="YES" # box1 <--ethernet--> box2
# box1: ifconfig em0 inet6 fc00::1 # box2: ifconfig re0 inet6 fc00::2 # box1: ping6 fc00::2 # works, tcpdump shows icmp6 traffic # box1: ping6 fc00::2 # works, tcpdump shows icmp6 traffic # box1: kldload ipfw && kldload dummynet ipfw pipe 1 config ipfw add 100 pipe 1 ip6 from fc00::/64 to fc00::/64 out via em0 ipfw add 200 allow ip from any to any # box2: ping6 fc00::2 # broken # box1: ping6 fc00::1 # broken # box1: sysctl net.inet.ip.fw.one_pass=0 sysctl net.inet6.ip6.fw.deny_unknown_exthdrs=0 # packets leave corrupted >Fix: unknown >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
