Date: Tue, 23 Sep 2025 13:08:35 GMT From: Zhenlei Huang <zlei@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: b1c96e54b906 - stable/15 - ipfw: Teach ipfw that EtherIP is an upper layer protocol Message-ID: <202509231308.58ND8ZHu024979@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/15 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=b1c96e54b906d0cdea0b5a9c74cc295803dfe50e commit b1c96e54b906d0cdea0b5a9c74cc295803dfe50e Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2025-09-16 15:58:24 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2025-09-23 13:07:33 +0000 ipfw: Teach ipfw that EtherIP is an upper layer protocol so that we do not discard EtherIP packets ( over IPv6 network ) when net.inet6.ip6.fw.deny_unknown_exthdrs is set to 1 ( which is the default value ). PR: 227450 Reviewed by: ae, #network MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52566 (cherry picked from commit 0418e6690e91aa6c38dd9af9da43c4c5a9dc1cd2) --- sys/netpfil/ipfw/ip_fw2.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 3f810533b7fc..b59d8d08bf80 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -67,6 +67,7 @@ #include <net/route/nhop.h> #include <net/pfil.h> #include <net/vnet.h> +#include <net/if_gif.h> #include <net/if_pfsync.h> #include <netpfil/pf/pf_mtag.h> @@ -1757,6 +1758,12 @@ do { \ PULLUP_TO(hlen, ulp, struct ip); break; + case IPPROTO_ETHERIP: /* RFC 3378 */ + PULLUP_LEN(hlen, ulp, + sizeof(struct etherip_header) + + sizeof(struct ether_header)); + break; + case IPPROTO_PFSYNC: PULLUP_TO(hlen, ulp, struct pfsync_header); break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509231308.58ND8ZHu024979>