Date: Thu, 01 Mar 2001 04:58:25 +0900 (JST) From: Hajimu UMEMOTO <ume@mahoroba.org> To: Arjan.deVet@adv.iae.nl Cc: itojun@iijlab.net Subject: Re: IPFILTER IPv6 support non-functional? Message-ID: <20010301.045825.71113666.ume@mahoroba.org> In-Reply-To: <20010228204903.A7822@adv.devet.org> References: <20010228094504.A56540@hamlet.nectar.com> <20010228181426.A9026@dohd.org> <20010228204903.A7822@adv.devet.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Wed, 28 Feb 2001 20:49:03 +0100
>>>>> Arjan de Vet <Arjan.deVet@adv.iae.nl> said:
Arjan.deVet> Mark Huizer wrote:
>I (and Guido van Rooij) had a look at this during a boring meeting some
>time ago, but it seems there were a few patches missing in the -current
>tree (something like the stuff in ipv6-patch in the FreeBSD-4.0
>directory).
Arjan.deVet> Indeed. That piece of code is not present in both -current and -stable.
Arjan.deVet> The ipv6-patch-4.1 file from the ipfilter distribution patches without
Arjan.deVet> problems and I've checked that the -stable kernel compiles with INET6
Arjan.deVet> and IPFILTER enabled. I don't have an IPv6 setup myself so I cannot test
Arjan.deVet> it.
>But for the record: no, ipfilter doesn't work with filtering
>IPv6 in the current setup in FreeBSD -current
Arjan.deVet> The missing code from that patch would indeed explain that.
Arjan.deVet> Would the KAME people have problems integrating this patch to enable
Arjan.deVet> IPv6 for IP-filter?
I believe KAME doesn't maintain IP-filter at all. But, itojun said
that calculation of payload length is wrong.
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010301.045825.71113666.ume>