git: 66f2f9ee0877 - main - ipfw: teach ipfw that pfsync is an upper layer protocol

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 11 Jul 2023 15:00:09 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=66f2f9ee08770f2d2ad7de4dbb07ed77fb870a0f

commit 66f2f9ee08770f2d2ad7de4dbb07ed77fb870a0f
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-07-11 10:37:17 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-07-11 12:59:08 +0000

    ipfw: teach ipfw that pfsync is an upper layer protocol
    
    Explicitly add pfsync as a known upper layer protocol so we don't
    automatically discard pfsync packets (carried over IPv6).
    
    net.inet6.ip6.fw.deny_unknown_exthdrs defaults to 1, so even if
    net.inet.ip.fw.default_to_accept is set to 1 we'd discard pfsync (over
    IPv6).
    
    Reviewed by:    ae
    Differential Revision:  https://reviews.freebsd.org/D40973
---
 sys/netpfil/ipfw/ip_fw2.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 766b978fbaf5..41420563ab5b 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$");
 #include <net/route/nhop.h>
 #include <net/pfil.h>
 #include <net/vnet.h>
+#include <net/if_pfsync.h>
 
 #include <netpfil/pf/pf_mtag.h>
 
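Review bot: the new `#include <net/if_pfsync.h>` sits in the `net/` group with nothing to say why ipfw needs a pfsync header. As far as this patch shows, it is needed only for `struct pfsync_header` in the `PULLUP_TO()` call added below. A short trailing comment such as `/* struct pfsync_header */` would keep the dependency from looking stale to whoever next prunes includes in ip_fw2.c.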
@@ -1718,6 +1719,10 @@ do {								\
 				PULLUP_TO(hlen, ulp, struct ip);
 				break;
 
+			case IPPROTO_PFSYNC:
+				PULLUP_TO(hlen, ulp, struct pfsync_header);
+				break;
+
 			default:
 				if (V_fw_verbose)
 					printf("IPFW2: IPV6 - Unknown "
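Review bot: the added `case IPPROTO_PFSYNC:` has no comment explaining why pfsync is listed here, and the reason is not obvious from the code alone. The only visible effect is that the packet no longer reaches the `default:` arm, which logs "IPFW2: IPV6 - Unknown ...". The commit message ties that arm to net.inet6.ip6.fw.deny_unknown_exthdrs. Please add a one-line comment above the case saying that pfsync over IPv6 is treated as an upper layer protocol so it is not dropped as an unknown extension header. It is also worth stating in that comment that nothing beyond `struct pfsync_header` is pulled up or inspected at this point, matching the `PULLUP_TO(hlen, ulp, struct ip)` pattern in the case just above, so readers do not assume ipfw validates the pfsync payload.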