Date: Tue, 11 Jul 2017 16:23:50 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 220640] [ipfw][patch] ipfw drops GRE over IPv6 packets Message-ID: <bug-220640-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D220640 Bug ID: 220640 Summary: [ipfw][patch] ipfw drops GRE over IPv6 packets Product: Base System Version: 9.3-STABLE Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: kxie@xiplink.com Keywords: patch Created attachment 184263 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D184263&action= =3Dedit Add IPPROTO_GRE to IPv6 protocol case list in ipfw_chk() FreeBSD supports GRE over IPv6 tunnel, but if ipfw module is loaded,=20 ipfw_chk() searches the extension headers of IPv6 to get upper layer protoc= ols. There are a lot of protocols, but GRE is not one of them, so the GRE packets will be dropped if the sysctl 'net.inet6.ip6.fw.deny_unknown_exthdrs' is enabled, and unfortunately this option is set to 1 by default. Our working environment is 9.3-STABLE, but we checked FreeBSD 11-RELEASE and FreeBSD-current and they share the same problem. Attached patch simply adds IPPROTO_GRE to IPv6 protocol case list in ipfw_c= hk() and pulls up the mbuf. With patch applied, GRE over IPv6 tunnel can work wi= th ipfw module enabled. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-220640-8>