Date: Fri, 04 Mar 2011 19:51:34 +0100 From: Bjorn Danielsson <fbsd@50days.dax.nu> To: <freebsd-ipfw@freebsd.org> Cc: Sergey Matveychuk <sem33@yandex-team.ru> Subject: Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets Message-ID: <yqflj0u90sp.fsf@knights-who-say-ni>
next in thread | raw e-mail | index | archive | help
Sergey Matveychuk <sem33@yandex-team.ru> wrote: > Here is my patch for IPv6 divert. It works for me, but it should be > reviewed and may be improved. > > I've touched nd6.c to prevent looping packet to local address (loopback). > > Any questions are welcome. I needed one more change for my "options IPDIVERT" enabled kernel: #include "opt_inet6.h" which I put right after "opt_inet.h" under the !defined(KLD_MODULE) condition at the beginning of netinet/ip_divert.c. Without this change my divert socket could read but not write IPv6 packets. I am not familiar with the FreeBSD kernel so this was based on a guess after noticing how INET6 was handled in other places. Both copying the incoming sockaddr_in and creating a new one using INADDR_ANY seems to work in sendto(), after this change. I haven't tried any packet rewriting yet but I'll be testing that very soon. Many thanks Sergey for contributing this patch!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yqflj0u90sp.fsf>