From owner-freebsd-bugs@FreeBSD.ORG Wed Nov 23 21:51:16 2005
Message-Id: <200511232143.jANLh7x3022902@jerry.priv>
Date: Wed, 23 Nov 2005 22:43:07 +0100 (CET)
From: Gael Roualland
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE
List-Id: Bug reports

>Number: 89472
>Category: bin
>Synopsis: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 23 21:50:15 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Gael Roualland
>Release: FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD jerry.priv 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Sat Nov 19 20:48:17 CET 2005 gael@jerry:/home/cvsup/obj/home/cvsup/src/sys/JERRY i386

>Description:
Before ipfw2 knew about IPv6, it was possible to filter IPv6 traffic that was
tunneled in IPv4 by doing something like

	ipfw add allow ipv6 from a.b.c.d to me

where a.b.c.d was the tunnel end. Now that ipfw2 does IPv6, such a line is
interpreted as being an IPv6 rule, and is rejected since the specified IP
address is not an IPv6 address.

The alternate syntax 'allow ip from a.b.c.d to me proto ipv6' is accepted by
ipfw, but does not work in the kernel since the first proto test (IPv4) does
not match the extracted protocol of the packet (IPv6).

>How-To-Repeat:
	ipfw add allow ipv6 from a.b.c.d to me

>Fix:
Workaround: change the "ipv6" protocol to "all", and trust the end of the
tunnel...

The real fix would IMHO be to add a different test for the inner protocol
carried by a packet in addition to the protocol packet itself.

>Release-Note:
>Audit-Trail:
>Unformatted:
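
The distinction the report turns on, as an added example (not part of the original report and not ipfw code): a tunneled packet is an IPv4 packet whose protocol field is 41, which is different from a native IPv6 packet, and a separate test can look at the inner IPv6 next-header. The function names are hypothetical, the addresses are documentation placeholders, and the optional inner-protocol check only models the "real fix" suggested above.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IANA protocol number: IPv6 encapsulated in IPv4 ("ipv6" in /etc/protocols)

def build_6in4(tunnel_src, local_dst, inner_next_header):
    """Constructed sample: outer IPv4 header (proto 41) wrapping a bare IPv6 header."""
    inner = struct.pack("!IHBB16s16s", 6 << 28, 0, inner_next_header, 64,
                        ipaddress.IPv6Address("2001:db8::1").packed,
                        ipaddress.IPv6Address("2001:db8::2").packed)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                        IPPROTO_IPV6, 0,  # header checksum left at 0 in this sample
                        ipaddress.IPv4Address(tunnel_src).packed,
                        ipaddress.IPv4Address(local_dst).packed)
    return outer + inner

def classify(packet):
    """Return (outer_version, outer_proto, outer_src, inner_next_header)."""
    version = packet[0] >> 4
    if version != 4 or len(packet) < 20:
        return (version, None, None, None)
    ihl = (packet[0] & 0x0F) * 4      # outer header length in bytes
    proto = packet[9]                 # outer IPv4 protocol field
    src = str(ipaddress.IPv4Address(packet[12:16]))
    inner_nh = None
    # Only a proto-41 payload that really starts with an IPv6 header has an inner protocol.
    if proto == IPPROTO_IPV6 and len(packet) >= ihl + 40 and packet[ihl] >> 4 == 6:
        inner_nh = packet[ihl + 6]    # IPv6 next-header byte
    return (version, proto, src, inner_nh)

def allow_tunnel(packet, tunnel_endpoint, inner_allowed=None):
    """Model: accept IPv4 packets from the tunnel end carrying protocol 41.

    inner_allowed (hypothetical) adds a second test on the inner protocol."""
    version, proto, src, inner_nh = classify(packet)
    if version != 4 or proto != IPPROTO_IPV6 or src != tunnel_endpoint:
        return False
    return inner_allowed is None or inner_nh in inner_allowed

if __name__ == "__main__":
    pkt = build_6in4("192.0.2.1", "198.51.100.2", 58)  # inner ICMPv6
    print(classify(pkt), allow_tunnel(pkt, "192.0.2.1", {58}))
```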