Date: Mon, 6 Sep 2010 11:00:19 GMT From: Dan Lukes <dan@obluda.cz> To: freebsd-ipfw@FreeBSD.org Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets Message-ID: <201009061100.o86B0JAd099497@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/128260; it has been noted by GNATS.
From: Dan Lukes <dan@obluda.cz>
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets
Date: Mon, 06 Sep 2010 12:08:48 +0200
The 8.1-RELEASE partially corrects such problem.
But for DIVERT (not the TEE) there are still issues.
For non-tee case, the header is still unconditionally considered to be
(struct ip). The
ip->ip_off & (IP_MF | IP_OFFMASK)
may be unintentionally true (for a IPv6 packet), then ip_reass will be
called with IPv6 packet, which is not apropriate.
We still need to check the IP version:
- if (!tee && ntohs(ip->ip_off) & (IP_MF | IP_OFFMASK)) {
+ if (ip->ip_v == 4 && !tee && ntohs(ip->ip_off) & (IP_MF |
IP_OFFMASK)) {
Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009061100.o86B0JAd099497>