Date: Tue, 14 Jun 2011 16:44:54 +0200 From: crest <crest@informatik.uni-bremen.de> To: freebsd-ipfw@freebsd.org Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets Message-ID: <B4003759-75D3-4663-87E0-FD9374227D60@informatik.uni-bremen.de> In-Reply-To: <CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de> References: <201106041300.p54D0Oji030792@freefall.freebsd.org> <CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06.06.2011, at 19:30, crest wrote: >=20 > On 04.06.2011, at 15:00, Manuel Kasper wrote: >=20 >> The following reply was made to PR kern/157239; it has been noted by = GNATS. >>=20 >> Also, I believe I've found the cause: ipfw/dummynet code uses =3D >> SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently =3D= >> swapping the next header and hop limit fields in the IPv6 header, =3D >> causing the "Unknown Extension Header" warnings and dropped packets = (or =3D >> bad packets appearing on the wire if =3D >> net.inet6.ip6.fw.deny_unknown_exthdrs=3D3D0). >>=20 >> A patch against 8.2-RELEASE that fixes this issue for me is attached = - =3D >> Jan, could you please verify if this fixes the issue for you too? >=20 > I tested the patch and it solved the problem for a simple test setup. = I'll test it in a more complex setup this evening/ night (TZ=3DCEST). I tried the patch on 3 Boxes (2 x amd64, 1 x i386). The patch solves the = reported problem. I detected no regression.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B4003759-75D3-4663-87E0-FD9374227D60>