Date: Thu, 11 May 2006 17:20:15 GMT From: Joost Bekkers <joost@jodocus.org> To: freebsd-ipfw@FreeBSD.org Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6 Message-ID: <200605111720.k4BHKFgj043938@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/88664; it has been noted by GNATS.
From: Joost Bekkers <joost@jodocus.org>
To: bug-followup@FreeBSD.org, jylefort@FreeBSD.org
Cc:
Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6
Date: Thu, 11 May 2006 18:58:46 +0200
The included patch fixes the problem, well for me anyway.
Can somebody check if this is 'the right thing' (tm) ?
--- ip_fw2.c-6.1R Thu May 11 18:02:22 2006
+++ ip_fw2.c Thu May 11 17:59:34 2006
@@ -671,17 +671,21 @@
static __inline int
hash_packet6(struct ipfw_flow_id *id)
{
u_int32_t i;
i = (id->dst_ip6.__u6_addr.__u6_addr32[0]) ^
(id->dst_ip6.__u6_addr.__u6_addr32[1]) ^
(id->dst_ip6.__u6_addr.__u6_addr32[2]) ^
(id->dst_ip6.__u6_addr.__u6_addr32[3]) ^
- (id->dst_port) ^ (id->src_port) ^ (id->flow_id6);
+ (id->src_ip6.__u6_addr.__u6_addr32[0]) ^
+ (id->src_ip6.__u6_addr.__u6_addr32[1]) ^
+ (id->src_ip6.__u6_addr.__u6_addr32[2]) ^
+ (id->src_ip6.__u6_addr.__u6_addr32[3]) ^
+ (id->dst_port) ^ (id->src_port);
return i;
}
static int
is_icmp6_query(int icmp6_type)
{
if ((icmp6_type <= ICMP6_MAXTYPE) &&
(icmp6_type == ICMP6_ECHO_REQUEST ||
--
greetz Joost
joost@jodocus.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605111720.k4BHKFgj043938>