Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 12 Jul 2019 02:14:45 +0000
From:      bugzilla-noreply@freebsd.org
To:        ipfw@FreeBSD.org
Subject:   [Bug 203585] update 235959 and 235961 breaks ipv6 layer 4 checksums in ipf
Message-ID:  <bug-203585-8303-TkoBsuQq7h@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-203585-8303@https.bugs.freebsd.org/bugzilla/>
References:  <bug-203585-8303@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D203585

--- Comment #5 from commit-hook@freebsd.org ---
A commit references this bug:

Author: cy
Date: Fri Jul 12 02:14:07 UTC 2019
New revision: 349931
URL: https://svnweb.freebsd.org/changeset/base/349931

Log:
  MFC r349927, r349929:

  r349927:
    Resolve IPv6 checksum errors with stateful inspection. According to
    PR/203585 this appears to have been broken by r235959, which predates
    the ipfilter 5.1.2 import into FreeBSD.

    The IPv6 checksum calculation is incorrect. To resolve this we call
    in6_cksum() to do the the heavy lifting for us, through a new function
    ipf_pcksum6(). Should we need to revisit this area again, a DTrace probe
    is added to aid with future debugging.

    Plus whitespace adjustments (r348989).

    PR:         203275, 203585
    Differential Revision:      https://reviews.freebsd.org/D20583

  r349929:
    Move the new ipf_pcksum6() function from ip_fil_freebsd.c to fil.c.
    The reason for this is that ipftest(8), which still works on FreeBSD-11,
    fails to link to it, breaking stable/11 builds.

    ipftest(8) was broken (segfault) sometime during the FreeBSD-12 cycle.
    glebius@ suggested we disable building it until I can get around to
    fixing it. Hence this was not caught in -current.

    The intention is to fix ipftest(8) as it is used by the netbsd-tests
    (imported by ngie@ many moons ago) for regression testing.

Changes:
_U  stable/10/
  stable/10/sys/contrib/ipfilter/netinet/fil.c
  stable/10/sys/contrib/ipfilter/netinet/ip_fil.h
  stable/10/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
_U  stable/11/
  stable/11/sys/contrib/ipfilter/netinet/fil.c
  stable/11/sys/contrib/ipfilter/netinet/ip_fil.h
  stable/11/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-203585-8303-TkoBsuQq7h>