cvs commit: src/sys/netinet6 route6.c

Kevin Oberman oberman at es.net
Tue Apr 24 15:00:14 UTC 2007 

> Date: Mon, 23 Apr 2007 20:32:10 +0000 (UTC)
> From: "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net>
> 
> On Mon, 23 Apr 2007, Kevin Oberman wrote:
> 
> Hi,
> 
> >> From: "George V. Neville-Neil" <gnn at FreeBSD.org>
> >> Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC)
> >> Sender: owner-cvs-all at freebsd.org
> >>
> >> gnn         2007-04-23 09:32:04 UTC
> >>
> >>   FreeBSD src repository
> >>
> >>   Modified files:
> >>     sys/netinet6         route6.c
> >>   Log:
> >>   Turn off route header processing for now due to issues pointed out
> >>   by Philippe Biondi and Arnaud Ebalard.  This is a temporary fix
> >>   until more discussion can be had on the exact risks involved in
> >>   allowing source routing in IPv6
> >>
> >>   Submitted by:   itojun
> >>   Reviewed by:    jinmei
> >>   MFC after:      1 day
> >>
> >>   Revision  Changes    Path
> >>   1.13      +7 -0      src/sys/netinet6/route6.c
> >
> > I forgot to mention (and not George's issue) is that a bit of work is
> > needed on ipfw for IPv6 data types. I have hit several issues which I
> > worked around, but, ATM, it can't differentiate between RH0 and RH2 in a
> > filter.
> 
> Just a five-minute-o-patch. I have not even compile time tested it.
> 
> 'route' will still match any routing header.
> 'rh0' should match rh0, and 'rh2' should match rh2.
> 
> http://sources.zabbadoz.net/freebsd/ipv6/patches/patch-20070423-ipfw-rh2.patch
> 
> Let me know if it works (or not;-)

Seems to be working, but I am on travel (at a networking meeting) and
not in my usual environment, so I have done only trivial testing. I
won't be able to test it beyond saying that it builds and I can write  a
rule to use it. I can't generate any packets with RH0 to confirm that it
is actually filtering anything. (At least it does not seem to break
anything.) 

Thanks, Bjoern!
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20070424/a947897b/attachment.pgp

More information about the cvs-src mailing list