Date: Sun, 12 Jun 2005 18:33:54 +0200 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: freebsd-ipfw@freebsd.org Subject: Fwd: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <200506121834.02020.max@love2party.net>
next in thread | raw e-mail | index | archive | help
--nextPart6079990.JVTdZoh8OC Content-Type: multipart/mixed; boundary="Boundary-01=_0PGrC/u4C6yc+AM" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_0PGrC/u4C6yc+AM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline All, if you are relying on IPFW2's new IPv6 capabilities as your IPv6 packet=20 filter, it's time to update. The commit below fixes a problem with in the= =20 code that would match random IPv6 packets to IPv4 rules. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_0PGrC/u4C6yc+AM Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Description: Max Laier <mlaier@FreeBSD.org>: cvs commit: src/sys/netinet ip_fw2.c Content-Disposition: inline; filename*= Return-Path: <owner-src-committers@FreeBSD.org> Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 51960 invoked by alias); 12 Jun 2005 16:27:44 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 51957 invoked from network); 12 Jun 2005 16:27:44 -0000 Received: from mx2.freebsd.org (216.136.204.119) by p54a3c3c9.dip.t-dialin.net with SMTP; 12 Jun 2005 16:27:44 -0000 Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 0D70558DAF for <max@vampire.homelinux.org>; Sun, 12 Jun 2005 16:27:17 +0000 (GMT) (envelope-from owner-src-committers@FreeBSD.org) Received: by hub.freebsd.org (Postfix) id 7514516A480; Sun, 12 Jun 2005 16:27:13 +0000 (GMT) Delivered-To: mlaier@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 538) id 5FEE116A420; Sun, 12 Jun 2005 16:27:11 +0000 (GMT) X-Original-To: src-committers@FreeBSD.org Delivered-To: src-committers@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB5D116A41C; Sun, 12 Jun 2005 16:27:10 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 725C743D1F; Sun, 12 Jun 2005 16:27:10 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5CGRAFg090004; Sun, 12 Jun 2005 16:27:10 GMT (envelope-from mlaier@repoman.freebsd.org) Received: (from mlaier@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5CGRAMe090003; Sun, 12 Jun 2005 16:27:10 GMT (envelope-from mlaier) Message-Id: <200506121627.j5CGRAMe090003@repoman.freebsd.org> From: Max Laier <mlaier@FreeBSD.org> Date: Sun, 12 Jun 2005 16:27:10 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-src-committers@FreeBSD.org Precedence: bulk X-Loop: FreeBSD.ORG Content-Type: X-UID: 30203 X-Length: 2823 mlaier 2005-06-12 16:27:10 UTC FreeBSD src repository Modified files: sys/netinet ip_fw2.c Log: When doing matching based on dst_ip/src_ip make sure we are really looking on an IPv4 packet as these variables are uninitialized if not. This used to allow arbitrary IPv6 packets depending on the value in the uninitialized variables. Some opcodes (most noteably O_REJECT) do not support IPv6 at all right now. Reviewed by: brooks, glebius Security: IPFW might pass IPv6 packets depending on stack contents. Approved by: re (blanket) Revision Changes Path 1.102 +13 -10 src/sys/netinet/ip_fw2.c --Boundary-01=_0PGrC/u4C6yc+AM-- --nextPart6079990.JVTdZoh8OC Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQBCrGP5XyyEoT62BG0RApU5AJsFZZm4zlb6hF/yw8M33NsqE/CkZgCeN0+w tQeouPZfZc+e/XBfbo3oa60= =Qq/k -----END PGP SIGNATURE----- --nextPart6079990.JVTdZoh8OC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506121834.02020.max>