From owner-freebsd-ipfw@FreeBSD.ORG  Thu Jun  8 12:03:17 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6EEB816AF8B
	for <freebsd-ipfw@freebsd.org>; Thu,  8 Jun 2006 10:20:56 +0000 (UTC)
	(envelope-from jhay@meraka.csir.co.za)
Received: from zibbi.meraka.csir.co.za (zibbi.meraka.csir.co.za [146.64.24.58])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BDDC843D5E
	for <freebsd-ipfw@freebsd.org>; Thu,  8 Jun 2006 10:20:51 +0000 (GMT)
	(envelope-from jhay@meraka.csir.co.za)
Received: by zibbi.meraka.csir.co.za (Postfix, from userid 3973)
	id 0E80233C93; Thu,  8 Jun 2006 12:20:45 +0200 (SAST)
Date: Thu, 8 Jun 2006 12:20:45 +0200
From: John Hay <jhay@meraka.org.za>
To: freebsd-ipfw@freebsd.org
Message-ID: <20060608102044.GA31577@zibbi.meraka.csir.co.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: Unknown Extension Header(103)
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2006 12:03:21 -0000

Hi,

I have tried to upgrade our firewall/router from 5.3 to 6.1-stable and
ran into these messages:

IPFW2: IPV6 - Unknown Extension Header(103), ext_hd=0

There were so many that the machine got stuck. It turns out that ipfw
did not like the pim multicast packets on ipv6. I think I have fixed
the problem for now with the patch below. Is my patch acceptable? Can
I commit it?

One thing that bothers me a bit is the printf in the default case that
is not rate limitted and you are not able to switch it off via a sysctl
or something. Should it stay like that?

The message is also a bit misleading I think.

John
-- 
John Hay -- John.Hay@meraka.csir.co.za / jhay@FreeBSD.org

Index: ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.106.2.13
diff -u -r1.106.2.13 ip_fw2.c
--- ip_fw2.c	2 Jun 2006 04:02:06 -0000	1.106.2.13
+++ ip_fw2.c	8 Jun 2006 09:12:09 -0000
@@ -71,6 +71,7 @@
 #include <netinet/ip_fw.h>
 #include <netinet/ip_divert.h>
 #include <netinet/ip_dummynet.h>
+#include <netinet/pim.h>
 #include <netinet/tcp.h>
 #include <netinet/tcp_timer.h>
 #include <netinet/tcp_var.h>
@@ -2274,6 +2275,11 @@
 				PULLUP_TO(hlen, ulp, struct ip6_ext);
 				break;
 
+			case IPPROTO_PIM:
+				/* XXX PIM header check? */
+				PULLUP_TO(hlen, ulp, struct pim);
+				break;
+
 			default:
 				printf("IPFW2: IPV6 - Unknown Extension "
 				    "Header(%d), ext_hd=%x\n", proto, ext_hd);