Author: philip
Date: Tue Aug 1 13:40:37 2017
New Revision: 321874
URL: https://svnweb.freebsd.org/changeset/base/321874
Log:
MFC r320941: Fix GRE over IPv6 tunnels with IPFW
Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless
net.inet6.ip6.fw.deny_unknown_exthdrs was unset).
PR: 220640
Submitted by: Kun Xie <k...@xiplink.com>
Modified:
stable/9/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
stable/9/sys/ (props changed)
stable/9/sys/netpfil/ (props changed)
Modified: stable/9/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/9/sys/netpfil/ipfw/ip_fw2.c Tue Aug 1 13:15:30 2017
(r321873)
+++ stable/9/sys/netpfil/ipfw/ip_fw2.c Tue Aug 1 13:40:37 2017
(r321874)
@@ -86,6 +86,8 @@ __FBSDID("$FreeBSD$");
#include <netinet6/ip6_var.h>
#endif
+#include <net/if_gre.h> /* for struct gre_h */
+
#include <netpfil/ipfw/ip_fw_private.h>
#include <machine/in_cksum.h> /* XXX for in_cksum */
@@ -1142,6 +1144,11 @@ do {
\
case IPPROTO_PIM:
/* XXX PIM header check? */
PULLUP_TO(hlen, ulp, struct pim);
+ break;
+
+ case IPPROTO_GRE: /* RFC 1701 */
+ /* XXX GRE header check? */
+ PULLUP_TO(hlen, ulp, struct gre_h);
break;
case IPPROTO_CARP:
_______________________________________________
svn-src-stable-9@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-9
To unsubscribe, send any mail to "svn-src-stable-9-unsubscr...@freebsd.org"
