From owner-freebsd-ipfw@FreeBSD.ORG  Thu May 11 17:20:31 2006
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4923416A686
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu, 11 May 2006 17:20:31 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C52C743E4D
	for <freebsd-ipfw@hub.freebsd.org>;
	Thu, 11 May 2006 17:20:21 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k4BHKFRM043939
	for <freebsd-ipfw@freefall.freebsd.org>; Thu, 11 May 2006 17:20:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k4BHKFgj043938;
	Thu, 11 May 2006 17:20:15 GMT (envelope-from gnats)
Date: Thu, 11 May 2006 17:20:15 GMT
Message-Id: <200605111720.k4BHKFgj043938@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Joost Bekkers <joost@jodocus.org>
Cc: 
Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Joost Bekkers <joost@jodocus.org>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 May 2006 17:20:34 -0000

The following reply was made to PR kern/88664; it has been noted by GNATS.

From: Joost Bekkers <joost@jodocus.org>
To: bug-followup@FreeBSD.org, jylefort@FreeBSD.org
Cc:  
Subject: Re: kern/88664: [ipfw] ipfw stateful firewalling broken with IPv6
Date: Thu, 11 May 2006 18:58:46 +0200

 The included patch fixes the problem, well for me anyway.
 
 Can somebody check if this is 'the right thing' (tm) ?
 
 
 --- ip_fw2.c-6.1R	Thu May 11 18:02:22 2006
 +++ ip_fw2.c	Thu May 11 17:59:34 2006
 @@ -671,17 +671,21 @@
  static __inline int
  hash_packet6(struct ipfw_flow_id *id)
  {
  	u_int32_t i;
  	i = (id->dst_ip6.__u6_addr.__u6_addr32[0]) ^
  	    (id->dst_ip6.__u6_addr.__u6_addr32[1]) ^
  	    (id->dst_ip6.__u6_addr.__u6_addr32[2]) ^
  	    (id->dst_ip6.__u6_addr.__u6_addr32[3]) ^
 -	    (id->dst_port) ^ (id->src_port) ^ (id->flow_id6);
 +	    (id->src_ip6.__u6_addr.__u6_addr32[0]) ^
 +	    (id->src_ip6.__u6_addr.__u6_addr32[1]) ^
 +	    (id->src_ip6.__u6_addr.__u6_addr32[2]) ^
 +	    (id->src_ip6.__u6_addr.__u6_addr32[3]) ^
 +	    (id->dst_port) ^ (id->src_port);
  	return i;
  }
  
  static int
  is_icmp6_query(int icmp6_type)
  {
  	if ((icmp6_type <= ICMP6_MAXTYPE) &&
  	    (icmp6_type == ICMP6_ECHO_REQUEST ||
 
 -- 
 greetz Joost
 joost@jodocus.org