Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets

Dan Lukes Mon, 06 Sep 2010 04:00:36 -0700

The following reply was made to PR kern/128260; it has been noted by GNATS.

From: Dan Lukes <d...@obluda.cz>
To: bug-follo...@freebsd.org
Cc:  
Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets
Date: Mon, 06 Sep 2010 12:08:48 +0200

 The 8.1-RELEASE partially corrects such problem.

 But for DIVERT (not the TEE) there are still issues.

 For non-tee case, the header is still unconditionally considered to be 
 (struct ip). The
 ip->ip_off & (IP_MF | IP_OFFMASK)
 may be unintentionally true (for a IPv6 packet), then ip_reass will be 
 called with IPv6 packet, which is not apropriate.

 We still need to check the IP version:

 -       if (!tee && ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
 +       if (ip->ip_v == 4 && !tee && ntohs(ip->ip_off) & (IP_MF | 
 IP_OFFMASK)) {

 Dan
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets

Reply via email to