From owner-freebsd-ipfw@FreeBSD.ORG  Sun Aug  7 19:10:10 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CB14616A41F
	for <freebsd-ipfw@freebsd.org>; Sun,  7 Aug 2005 19:10:10 +0000 (GMT)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 60FE243D46
	for <freebsd-ipfw@freebsd.org>; Sun,  7 Aug 2005 19:10:09 +0000 (GMT)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from transport.cksoft.de (localhost [127.0.0.1])
	by transport.cksoft.de (Postfix) with ESMTP id 2700E1FFAD4
	for <freebsd-ipfw@freebsd.org>; Sun,  7 Aug 2005 21:10:08 +0200 (CEST)
Received: by transport.cksoft.de (Postfix, from userid 66)
	id D3AC01FFAD3; Sun,  7 Aug 2005 21:10:05 +0200 (CEST)
Received: by mail.int.zabbadoz.net (Postfix, from userid 1060)
	id 6DAF51538C; Sun,  7 Aug 2005 19:09:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.int.zabbadoz.net (Postfix) with ESMTP id 6348815384
	for <freebsd-ipfw@freebsd.org>; Sun,  7 Aug 2005 19:09:56 +0000 (UTC)
Date: Sun, 7 Aug 2005 19:09:56 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net
To: FreeBSD ipfw mailing list <freebsd-ipfw@freebsd.org>
Message-ID: <Pine.BSF.4.53.0508071827560.62130@e0-0.zab2.int.zabbadoz.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de
Subject: ipfw ipv6 problems + patch needing review
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Aug 2005 19:10:10 -0000

Hi,

with the current implementation of ipfw + IPv6 we ran into a number
of problems.

1st category: syntax. You will find some information about this
on the page at [1].

2nd category: functionality. There had been problems with extension
headers and reading the code we discovered that there was no logging
for IPv6 *joy*. I got told that no reject code for v6 is another
showstopper for moving from ip6fw to ipfw.


There is a   patch at [2]   to address the extension header bug,
Ipv6 logging and TCP RST/ICMPv6 unreach features.
I need feedback on this to get it in before 6.0 so please test
and review and let me know.

The idea is to give people one clear set of things for ipv4 and
one clear set for ipv6. When running v6 using ip or any is almost
impossible with the current implementation apart from the default
rule.

It's a fixup patch to get the functionality in for 6.0 and leave
the cleanup for later. Not more not less.


Greetings
Bjoern A. Zeeb

[1] http://sources.zabbadoz.net/freebsd/ipfw-v6.html
[2] http://sources.zabbadoz.net/freebsd/patchset/ip_fw2.c-rev.1.106-10.diff

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT