From owner-freebsd-security  Wed Feb 28 11:50:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from news.IAEhv.nl (news.IAE.nl [194.151.64.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id D4D6A37B718; Wed, 28 Feb 2001 11:50:40 -0800 (PST)
	(envelope-from Arjan.deVet@adv.iae.nl)
Received: (from uucp@localhost)
	by news.IAEhv.nl (8.9.1/8.9.1) with IAEhv.nl id UAA23247;
	Wed, 28 Feb 2001 20:49:16 +0100 (MET)
Received: by adv.devet.org (Postfix, from userid 100)
	id A41E43EB9; Wed, 28 Feb 2001 20:49:03 +0100 (CET)
Date: Wed, 28 Feb 2001 20:49:03 +0100
To: "Jacques A. Vidrine" <n@nectar.com>,
	Mark Huizer <freebsd@dohd.org>
Cc: Hajimu UMEMOTO <ume@imasy.or.jp>, rasputin@FreeBSD-uk.eu.org,
	freebsd-security@freebsd.org, darrenr@freebsd.org
Subject: Re: IPFILTER IPv6 support non-functional? (was Re: IPF and IPv6)
Message-ID: <20010228204903.A7822@adv.devet.org>
References: <20010227152544.A69259@dogma.freebsd-uk.eu.org> <20010227210734.A27354@adv.devet.org> <20010228.185102.92589032.ume@imasy.or.jp> <20010228094504.A56540@hamlet.nectar.com> <20010228181426.A9026@dohd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010228181426.A9026@dohd.org>; from freebsd@dohd.org on Wed, Feb 28, 2001 at 06:14:26PM +0100
From: Arjan.deVet@adv.iae.nl (Arjan de Vet)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mark Huizer wrote:

>I (and Guido van Rooij) had a look at this during a boring meeting some
>time ago, but it seems there were a few patches missing in the -current
>tree (something like the stuff in ipv6-patch in the FreeBSD-4.0
>directory).

Indeed. That piece of code is not present in both -current and -stable.

The ipv6-patch-4.1 file from the ipfilter distribution patches without
problems and I've checked that the -stable kernel compiles with INET6
and IPFILTER enabled. I don't have an IPv6 setup myself so I cannot test
it.

>But for the record: no, ipfilter doesn't work with filtering
>IPv6 in the current setup in FreeBSD -current

The missing code from that patch would indeed explain that.

Would the KAME people have problems integrating this patch to enable
IPv6 for IP-filter?

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands              <Arjan.deVet@adv.iae.nl>
URL: http://www.iae.nl/users/devet/           for PGP key: finger devet@iae.nl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message