Date:      Fri, 04 Mar 2011 19:51:34 +0100
From:      Bjorn Danielsson <fbsd@50days.dax.nu>
To:        <freebsd-ipfw@freebsd.org>
Cc:        Sergey Matveychuk <sem33@yandex-team.ru>
Subject:   Re: kern/128260: [ipfw] [patch] ipfw_divert damages IPv6 packets
Message-ID:  <yqflj0u90sp.fsf@knights-who-say-ni>

Sergey Matveychuk <sem33@yandex-team.ru> wrote:
> Here is my patch for IPv6 divert. It works for me, but it should be 
> reviewed and may be improved.
> 
> I've touched nd6.c to prevent looping packet to local address (loopback).
> 
> Any questions are welcome.

I needed one more change for my "options IPDIVERT" enabled kernel:

#include "opt_inet6.h"

which I put right after "opt_inet.h" under the !defined(KLD_MODULE)
condition at the beginning of netinet/ip_divert.c. Without this
change my divert socket could read but not write IPv6 packets.

I am not familiar with the FreeBSD kernel so this was based on
a guess after noticing how INET6 was handled in other places.

Both copying the incoming sockaddr_in and creating a new one using
INADDR_ANY seem to work in sendto() after this change. I haven't
tried any packet rewriting yet, but I'll be testing that very soon.

Many thanks Sergey for contributing this patch!
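
A minimal divert(4) pass-through loop for a FreeBSD host, as an added example that is not part of the original message or of Sergey's patch: it reads diverted packets, classifies them as IPv4 or IPv6, and writes them back with either of the two sockaddr_in forms mentioned above, reporting a failed write per IP version. The port 8668 and the helper names ip_version and reinject_addr are assumptions made for illustration.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 258 /* FreeBSD's value; fallback only so the helpers compile elsewhere */
#endif
#define DIVERT_PORT 8668   /* assumption: the port named in the ipfw divert rule */

/* IP version from the first header nibble; 0 if too short to hold that header. */
int ip_version(const uint8_t *pkt, size_t len)
{
    if (len >= 20 && (pkt[0] >> 4) == 4) return 4;
    if (len >= 40 && (pkt[0] >> 4) == 6) return 6;
    return 0;
}

/* Reinjection address: the one recvfrom() returned (keep_origin != 0), or a fresh
 * one with INADDR_ANY. sin_port is kept: divert(4) reads it as the ipfw rule tag. */
struct sockaddr_in reinject_addr(const struct sockaddr_in *from, int keep_origin)
{
    struct sockaddr_in to;
    if (keep_origin) return *from;
    memset(&to, 0, sizeof(to));
    to.sin_family = AF_INET;
    to.sin_port = from->sin_port;
    to.sin_addr.s_addr = htonl(INADDR_ANY);
    return to;
}

int main(void)
{
    uint8_t buf[65535];
    struct sockaddr_in from, me = { .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&me, sizeof(me)) < 0) { perror("divert socket"); return 1; }
    for (;;) {
        socklen_t flen = sizeof(from);
        ssize_t n = recvfrom(s, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen);
        if (n < 0) { perror("recvfrom"); close(s); return 1; }
        int v = ip_version(buf, (size_t)n);
        if (v == 0) continue; /* malformed: not written back, so it is dropped */
        struct sockaddr_in to = reinject_addr(&from, 1); /* pass 0 to test the INADDR_ANY form */
        if (sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&to, sizeof(to)) < 0) perror(v == 6 ? "sendto IPv6" : "sendto IPv4");
    }
}
```

On a kernel with the read-but-not-write symptom described in the message, this loop would report "sendto IPv6" errors while IPv4 packets pass through.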



