svn commit: r321873 - stable/10/sys/netpfil/ipfw
Philip Paeps
philip at FreeBSD.org
Tue Aug 1 13:15:31 UTC 2017
Author: philip
Date: Tue Aug 1 13:15:30 2017
New Revision: 321873
URL: https://svnweb.freebsd.org/changeset/base/321873
Log:
MFC r320941: Fix GRE over IPv6 tunnels with IPFW
Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless
net.inet6.ip6.fw.deny_unknown_exthdrs was unset).
PR: 220640
Submitted by: Kun Xie <kxie at xiplink.com>
Modified:
stable/10/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/10/sys/netpfil/ipfw/ip_fw2.c Tue Aug 1 13:07:54 2017 (r321872)
+++ stable/10/sys/netpfil/ipfw/ip_fw2.c Tue Aug 1 13:15:30 2017 (r321873)
@@ -87,6 +87,8 @@ __FBSDID("$FreeBSD$");
#include <netinet6/ip6_var.h>
#endif
+#include <net/if_gre.h> /* for struct grehdr */
+
#include <netpfil/ipfw/ip_fw_private.h>
#include <machine/in_cksum.h> /* XXX for in_cksum */
@@ -1141,6 +1143,11 @@ do { \
case IPPROTO_PIM:
/* XXX PIM header check? */
PULLUP_TO(hlen, ulp, struct pim);
+ break;
+
+ case IPPROTO_GRE: /* RFC 1701 */
+ /* XXX GRE header check? */
+ PULLUP_TO(hlen, ulp, struct grehdr);
break;
case IPPROTO_CARP:
More information about the svn-src-all
mailing list