> Date: Mon, 23 Apr 2007 20:32:10 +0000 (UTC) > From: "Bjoern A. Zeeb" <[EMAIL PROTECTED]> > > On Mon, 23 Apr 2007, Kevin Oberman wrote: > > Hi, > > >> From: "George V. Neville-Neil" <[EMAIL PROTECTED]> > >> Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC) > >> Sender: [EMAIL PROTECTED] > >> > >> gnn 2007-04-23 09:32:04 UTC > >> > >> FreeBSD src repository > >> > >> Modified files: > >> sys/netinet6 route6.c > >> Log: > >> Turn off route header processing for now due to issues pointed out > >> by Philippe Biondi and Arnaud Ebalard. This is a temporary fix > >> until more discussion can be had on the exact risks involved in > >> allowing source routing in IPv6 > >> > >> Submitted by: itojun > >> Reviewed by: jinmei > >> MFC after: 1 day > >> > >> Revision Changes Path > >> 1.13 +7 -0 src/sys/netinet6/route6.c > > > > I forgot to mention (and not George's issue) is that a bit of work is > > needed on ipfw for IPv6 data types. I have hit several issues which I > > worked around, but, ATM, it can't differentiate between RH0 and RH2 in a > > filter. > > Just a five-minute-o-patch. I have not even compile time tested it. > > 'route' will still match any routing header. > 'rh0' should match rh0, and 'rh2' should match rh2. > > http://sources.zabbadoz.net/freebsd/ipv6/patches/patch-20070423-ipfw-rh2.patch > > Let me know if it works (or not;-)
Seems to be working, but I am on travel (at a networking meeting) and not in my usual environment, so I have done only trivial testing. I won't be able to test it beyond saying that it builds and I can write a rule to use it. I can't generate any packets with RH0 to confirm that it is actually filtering anything. (At least it does not seem to break anything.) Thanks, Bjoern! -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
pgpA2m7i2w3y9.pgp
Description: PGP signature
