From owner-freebsd-current@FreeBSD.ORG Sun Jun 12 16:38:05 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8348D16A422; Sun, 12 Jun 2005 16:38:05 +0000 (GMT) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4293043E14; Sun, 12 Jun 2005 16:34:10 +0000 (GMT) (envelope-from max@love2party.net) Received: from p54A3C3C9.dip.t-dialin.net [84.163.195.201] (helo=donor.laier.local) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0MKwtQ-1DhVPV0Ffo-00013f; Sun, 12 Jun 2005 18:34:09 +0200 From: Max Laier To: freebsd-current@freebsd.org Date: Sun, 12 Jun 2005 18:33:54 +0200 User-Agent: KMail/1.8 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart6079990.JVTdZoh8OC"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200506121834.02020.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 Cc: freebsd-ipfw@freebsd.org Subject: Fwd: cvs commit: src/sys/netinet ip_fw2.c X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Jun 2005 16:38:05 -0000 --nextPart6079990.JVTdZoh8OC Content-Type: multipart/mixed; boundary="Boundary-01=_0PGrC/u4C6yc+AM" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_0PGrC/u4C6yc+AM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline All, if you are relying on IPFW2's new IPv6 capabilities as your IPv6 packet=20 filter, it's time to update. The commit below fixes a problem with in the= =20 code that would match random IPv6 packets to IPv4 rules. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --Boundary-01=_0PGrC/u4C6yc+AM Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Description: Max Laier : cvs commit: src/sys/netinet ip_fw2.c Content-Disposition: inline; filename*= Return-Path: Delivered-To: mlaier@vampire.homelinux.org Received: (qmail 51960 invoked by alias); 12 Jun 2005 16:27:44 -0000 Delivered-To: max@vampire.homelinux.org Received: (qmail 51957 invoked from network); 12 Jun 2005 16:27:44 -0000 Received: from mx2.freebsd.org (216.136.204.119) by p54a3c3c9.dip.t-dialin.net with SMTP; 12 Jun 2005 16:27:44 -0000 Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 0D70558DAF for ; Sun, 12 Jun 2005 16:27:17 +0000 (GMT) (envelope-from owner-src-committers@FreeBSD.org) Received: by hub.freebsd.org (Postfix) id 7514516A480; Sun, 12 Jun 2005 16:27:13 +0000 (GMT) Delivered-To: mlaier@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 538) id 5FEE116A420; Sun, 12 Jun 2005 16:27:11 +0000 (GMT) X-Original-To: src-committers@FreeBSD.org Delivered-To: src-committers@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB5D116A41C; Sun, 12 Jun 2005 16:27:10 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 725C743D1F; Sun, 12 Jun 2005 16:27:10 +0000 (GMT) (envelope-from mlaier@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5CGRAFg090004; Sun, 12 Jun 2005 16:27:10 GMT (envelope-from mlaier@repoman.freebsd.org) Received: (from mlaier@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5CGRAMe090003; Sun, 12 Jun 2005 16:27:10 GMT (envelope-from mlaier) Message-Id: <200506121627.j5CGRAMe090003@repoman.freebsd.org> From: Max Laier Date: Sun, 12 Jun 2005 16:27:10 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c X-FreeBSD-CVS-Branch: HEAD Sender: owner-src-committers@FreeBSD.org Precedence: bulk X-Loop: FreeBSD.ORG Content-Type: X-UID: 30203 X-Length: 2823 mlaier 2005-06-12 16:27:10 UTC FreeBSD src repository Modified files: sys/netinet ip_fw2.c Log: When doing matching based on dst_ip/src_ip make sure we are really looking on an IPv4 packet as these variables are uninitialized if not. This used to allow arbitrary IPv6 packets depending on the value in the uninitialized variables. Some opcodes (most noteably O_REJECT) do not support IPv6 at all right now. Reviewed by: brooks, glebius Security: IPFW might pass IPv6 packets depending on stack contents. Approved by: re (blanket) Revision Changes Path 1.102 +13 -10 src/sys/netinet/ip_fw2.c --Boundary-01=_0PGrC/u4C6yc+AM-- --nextPart6079990.JVTdZoh8OC Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQBCrGP5XyyEoT62BG0RApU5AJsFZZm4zlb6hF/yw8M33NsqE/CkZgCeN0+w tQeouPZfZc+e/XBfbo3oa60= =Qq/k -----END PGP SIGNATURE----- --nextPart6079990.JVTdZoh8OC--