From owner-cvs-src@FreeBSD.ORG Tue Apr 24 15:00:14 2007 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 03A4116A404 for ; Tue, 24 Apr 2007 15:00:14 +0000 (UTC) (envelope-from SRS1=f25f6b93e5520e90c19025f87e2b1ea9f3dd22b0=es.net==f25f6b93e5520e90c19025f87e2b1ea9f3dd22b0=315=es.net=oberman@es.net) Received: from postal1.es.net (postal1.es.net [198.128.3.205]) by mx1.freebsd.org (Postfix) with ESMTP id 708FE13C45B for ; Tue, 24 Apr 2007 15:00:02 +0000 (UTC) (envelope-from SRS1=f25f6b93e5520e90c19025f87e2b1ea9f3dd22b0=es.net==f25f6b93e5520e90c19025f87e2b1ea9f3dd22b0=315=es.net=oberman@es.net) Received: from postal1.es.net (postal4.es.net [198.124.252.66]) by postal1.es.net (Postal Node 1) with ESMTP (SSL) id DSQ95648 for ; Tue, 24 Apr 2007 07:44:48 -0700 Received: from ptavv.es.net (ptavv.es.net [198.128.4.29]) by postal4.es.net (Postal Node 4) with ESMTP (SSL) id DSQ36647; Tue, 24 Apr 2007 07:44:47 -0700 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id 2BA6D45058; Tue, 24 Apr 2007 07:44:46 -0700 (PDT) To: "Bjoern A. Zeeb" In-Reply-To: Your message of "Mon, 23 Apr 2007 20:32:10 -0000." <20070423202957.W36917@maildrop.int.zabbadoz.net> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1177425886_22570P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 24 Apr 2007 07:44:46 -0700 From: "Kevin Oberman" Message-Id: <20070424144446.2BA6D45058@ptavv.es.net> Cc: "George V. Neville-Neil" , src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet6 route6.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Apr 2007 15:00:14 -0000 --==_Exmh_1177425886_22570P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Mon, 23 Apr 2007 20:32:10 +0000 (UTC) > From: "Bjoern A. Zeeb" > > On Mon, 23 Apr 2007, Kevin Oberman wrote: > > Hi, > > >> From: "George V. Neville-Neil" > >> Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC) > >> Sender: owner-cvs-all@freebsd.org > >> > >> gnn 2007-04-23 09:32:04 UTC > >> > >> FreeBSD src repository > >> > >> Modified files: > >> sys/netinet6 route6.c > >> Log: > >> Turn off route header processing for now due to issues pointed out > >> by Philippe Biondi and Arnaud Ebalard. This is a temporary fix > >> until more discussion can be had on the exact risks involved in > >> allowing source routing in IPv6 > >> > >> Submitted by: itojun > >> Reviewed by: jinmei > >> MFC after: 1 day > >> > >> Revision Changes Path > >> 1.13 +7 -0 src/sys/netinet6/route6.c > > > > I forgot to mention (and not George's issue) is that a bit of work is > > needed on ipfw for IPv6 data types. I have hit several issues which I > > worked around, but, ATM, it can't differentiate between RH0 and RH2 in a > > filter. > > Just a five-minute-o-patch. I have not even compile time tested it. > > 'route' will still match any routing header. > 'rh0' should match rh0, and 'rh2' should match rh2. > > http://sources.zabbadoz.net/freebsd/ipv6/patches/patch-20070423-ipfw-rh2.patch > > Let me know if it works (or not;-) Seems to be working, but I am on travel (at a networking meeting) and not in my usual environment, so I have done only trivial testing. I won't be able to test it beyond saying that it builds and I can write a rule to use it. I can't generate any packets with RH0 to confirm that it is actually filtering anything. (At least it does not seem to break anything.) Thanks, Bjoern! -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1177425886_22570P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFGLhfekn3rs5h7N1ERAtdpAKCX9jliXG3ixGknIzrJhXwylZjvAwCfVegg gFg858Ta60D/lAbClVs6/dM= =F2+d -----END PGP SIGNATURE----- --==_Exmh_1177425886_22570P--