From owner-freebsd-ipfw@FreeBSD.ORG  Wed Jun 15 16:24:15 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BF5E9106564A
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 16:24:15 +0000 (UTC)
	(envelope-from crest@informatik.uni-bremen.de)
Received: from informatik.uni-bremen.de (mailhost.informatik.uni-bremen.de
	[134.102.201.18])
	by mx1.freebsd.org (Postfix) with ESMTP id 4F9698FC13
	for <freebsd-ipfw@freebsd.org>; Wed, 15 Jun 2011 16:24:13 +0000 (UTC)
Received: from smtp-fb3.informatik.uni-bremen.de
	(smtp-fb3.informatik.uni-bremen.de [134.102.224.120])
	by informatik.uni-bremen.de (8.14.3/8.14.3) with ESMTP id
	p5EEitGq027621
	for <freebsd-ipfw@freebsd.org>; Tue, 14 Jun 2011 16:44:55 +0200 (CEST)
Received: from eduroam-0977.wlan.uni-bremen.de
	(eduroam-0977.wlan.uni-bremen.de [134.102.19.209])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by smtp-fb3.informatik.uni-bremen.de (Postfix) with ESMTPSA id 438B1581
	for <freebsd-ipfw@freebsd.org>; Tue, 14 Jun 2011 16:44:55 +0200 (CEST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Apple Message framework v1084)
From: crest <crest@informatik.uni-bremen.de>
In-Reply-To: <CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
Date: Tue, 14 Jun 2011 16:44:54 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B4003759-75D3-4663-87E0-FD9374227D60@informatik.uni-bremen.de>
References: <201106041300.p54D0Oji030792@freefall.freebsd.org>
	<CB5F654C-227D-43C0-8A13-F57C19A1861C@informatik.uni-bremen.de>
To: freebsd-ipfw@freebsd.org
X-Mailer: Apple Mail (2.1084)
Subject: Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6
	packets
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2011 16:24:15 -0000


On 06.06.2011, at 19:30, crest wrote:

>=20
> On 04.06.2011, at 15:00, Manuel Kasper wrote:
>=20
>> The following reply was made to PR kern/157239; it has been noted by =
GNATS.
>>=20
>> Also, I believe I've found the cause: ipfw/dummynet code uses =3D
>> SET_HOST_IPLEN on IPv6 packets in two instances, thus inadvertently =3D=

>> swapping the next header and hop limit fields in the IPv6 header, =3D
>> causing the "Unknown Extension Header" warnings and dropped packets =
(or =3D
>> bad packets appearing on the wire if =3D
>> net.inet6.ip6.fw.deny_unknown_exthdrs=3D3D0).
>>=20
>> A patch against 8.2-RELEASE that fixes this issue for me is attached =
- =3D
>> Jan, could you please verify if this fixes the issue for you too?
>=20
> I tested the patch and it solved the problem for a simple test setup. =
I'll test it in a more complex setup this evening/ night (TZ=3DCEST).

I tried the patch on 3 Boxes (2 x amd64, 1 x i386). The patch solves the =
reported problem. I detected no regression.=