kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6
packets
crest
crest at informatik.uni-bremen.de
Wed Jun 15 16:24:15 UTC 2011
On 06.06.2011, at 19:30, crest wrote:
>
> On 04.06.2011, at 15:00, Manuel Kasper wrote:
>
>> The following reply was made to PR kern/157239; it has been noted by GNATS.
>>
>> Also, I believe I've found the cause: ipfw/dummynet code uses =
>> SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently =
>> swapping the next header and hop limit fields in the IPv6 header, =
>> causing the "Unknown Extension Header" warnings and dropped packets (or =
>> bad packets appearing on the wire if =
>> net.inet6.ip6.fw.deny_unknown_exthdrs=3D0).
>>
>> A patch against 8.2-RELEASE that fixes this issue for me is attached - =
>> Jan, could you please verify if this fixes the issue for you too?
>
> I tested the patch and it solved the problem for a simple test setup. I'll test it in a more complex setup this evening/ night (TZ=CEST).
I tried the patch on 3 Boxes (2 x amd64, 1 x i386). The patch solves the reported problem. I detected no regression.
More information about the freebsd-ipfw
mailing list