Date: Tue, 24 Apr 2007 07:44:46 -0700 From: "Kevin Oberman" <oberman@es.net> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: "George V. Neville-Neil" <gnn@FreeBSD.org>, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet6 route6.c Message-ID: <20070424144446.2BA6D45058@ptavv.es.net> In-Reply-To: Your message of "Mon, 23 Apr 2007 20:32:10 -0000." <20070423202957.W36917@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1177425886_22570P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Mon, 23 Apr 2007 20:32:10 +0000 (UTC) > From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> > > On Mon, 23 Apr 2007, Kevin Oberman wrote: > > Hi, > > >> From: "George V. Neville-Neil" <gnn@FreeBSD.org> > >> Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC) > >> Sender: owner-cvs-all@freebsd.org > >> > >> gnn 2007-04-23 09:32:04 UTC > >> > >> FreeBSD src repository > >> > >> Modified files: > >> sys/netinet6 route6.c > >> Log: > >> Turn off route header processing for now due to issues pointed out > >> by Philippe Biondi and Arnaud Ebalard. This is a temporary fix > >> until more discussion can be had on the exact risks involved in > >> allowing source routing in IPv6 > >> > >> Submitted by: itojun > >> Reviewed by: jinmei > >> MFC after: 1 day > >> > >> Revision Changes Path > >> 1.13 +7 -0 src/sys/netinet6/route6.c > > > > I forgot to mention (and not George's issue) is that a bit of work is > > needed on ipfw for IPv6 data types. I have hit several issues which I > > worked around, but, ATM, it can't differentiate between RH0 and RH2 in a > > filter. > > Just a five-minute-o-patch. I have not even compile time tested it. > > 'route' will still match any routing header. > 'rh0' should match rh0, and 'rh2' should match rh2. > > http://sources.zabbadoz.net/freebsd/ipv6/patches/patch-20070423-ipfw-rh2.patch > > Let me know if it works (or not;-) Seems to be working, but I am on travel (at a networking meeting) and not in my usual environment, so I have done only trivial testing. I won't be able to test it beyond saying that it builds and I can write a rule to use it. I can't generate any packets with RH0 to confirm that it is actually filtering anything. (At least it does not seem to break anything.) Thanks, Bjoern! -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1177425886_22570P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFGLhfekn3rs5h7N1ERAtdpAKCX9jliXG3ixGknIzrJhXwylZjvAwCfVegg gFg858Ta60D/lAbClVs6/dM= =F2+d -----END PGP SIGNATURE----- --==_Exmh_1177425886_22570P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070424144446.2BA6D45058>