Date: Thu, 01 Mar 2001 13:01:39 +0900 From: itojun@iijlab.net To: Hajimu UMEMOTO <ume@mahoroba.org> Cc: Arjan.deVet@adv.iae.nl, n@nectar.com, freebsd@dohd.org, rasputin@FreeBSD-uk.eu.org, freebsd-security@freebsd.org, darrenr@freebsd.org Subject: Re: IPFILTER IPv6 support non-functional? Message-ID: <14300.983419299@coconut.itojun.org> In-Reply-To: ume's message of Thu, 01 Mar 2001 04:58:25 JST. <20010301.045825.71113666.ume@mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>> Would the KAME people have problems integrating this patch to enable >> IPv6 for IP-filter? >I believe KAME doesn't maintain IP-filter at all. But, itojun said >that calculation of payload length is wrong. yup, that is what i saw in the latest. also ipf does not chase extension headers, so even if you try to filter tcp, "tcp with routing header" will go through. not sure how should we model filter languages in presense of header chain. I guess it safer to enable it in main trunk, and get it tested against IPv6 traffic for some time. it looks that there's too little time for 4.3 to have IPv6 ipf enabled. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14300.983419299>