Date: Tue, 11 Jul 2023 15:00:09 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 66f2f9ee0877 - main - ipfw: teach ipfw that pfsync is an upper layer protocol
Message-ID: <202307111500.36BF09Uk095618@gitrepo.freebsd.org>
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=66f2f9ee08770f2d2ad7de4dbb07ed77fb870a0f

commit 66f2f9ee08770f2d2ad7de4dbb07ed77fb870a0f
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-07-11 10:37:17 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-07-11 12:59:08 +0000

    ipfw: teach ipfw that pfsync is an upper layer protocol

    Explicitly add pfsync as a known upper layer protocol so we don't
    automatically discard pfsync packets (carried over IPv6).

    net.inet6.ip6.fw.deny_unknown_exthdrs defaults to 1, so even if
    net.inet.ip.fw.default_to_accept is set to 1 we'd discard pfsync
    (over IPv6).

    Reviewed by: ae
    Differential Revision: https://reviews.freebsd.org/D40973

--- sys/netpfil/ipfw/ip_fw2.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 766b978fbaf5..41420563ab5b 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -69,6 +69,7 @@ __FBSDID("$FreeBSD$"); #include <net/route/nhop.h> #include <net/pfil.h> #include <net/vnet.h> +#include <net/if_pfsync.h> #include <netpfil/pf/pf_mtag.h> @@ -1718,6 +1719,10 @@ do { \ PULLUP_TO(hlen, ulp, struct ip); break; + case IPPROTO_PFSYNC: + PULLUP_TO(hlen, ulp, struct pfsync_header); + break; + default: if (V_fw_verbose) printf("IPFW2: IPV6 - Unknown "
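Review bot: in the first hunk (@@ -69,6 +69,7 @@), the added `#include <net/if_pfsync.h>` gives no hint of why ipfw needs a pfsync header. As far as this patch shows, its only use is `struct pfsync_header` in the `PULLUP_TO` of the second hunk, so a short trailing comment on the include line saying so would keep a later include cleanup from dropping it or from assuming a wider dependency on pfsync.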
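Review bot: in the second hunk (@@ -1718,6 +1719,10 @@), the new `case IPPROTO_PFSYNC:` has no comment explaining why pfsync is listed among the upper layer protocols. The reason is only in the commit message: without this case the packet reaches the `default:` branch, is reported as unknown, and is discarded because net.inet6.ip6.fw.deny_unknown_exthdrs defaults to 1. A one-line comment above the case stating that would help the next person who adds or audits entries in this switch. The diffstat also shows only ip_fw2.c changing, so nothing in this commit exercises pfsync over IPv6 with ipfw loaded; a regression test for that path would guard the fix.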