Date: Tue, 1 Aug 2017 13:15:30 +0000 (UTC) From: Philip Paeps <philip@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r321873 - stable/10/sys/netpfil/ipfw Message-ID: <201708011315.v71DFUQf039447@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: philip Date: Tue Aug 1 13:15:30 2017 New Revision: 321873 URL: https://svnweb.freebsd.org/changeset/base/321873 Log: MFC r320941: Fix GRE over IPv6 tunnels with IPFW Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless net.inet6.ip6.fw.deny_unknown_exthdrs was unset). PR: 220640 Submitted by: Kun Xie <kxie@xiplink.com> Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/10/sys/netpfil/ipfw/ip_fw2.c Tue Aug 1 13:07:54 2017 (r321872) +++ stable/10/sys/netpfil/ipfw/ip_fw2.c Tue Aug 1 13:15:30 2017 (r321873) @@ -87,6 +87,8 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6_var.h> #endif +#include <net/if_gre.h> /* for struct grehdr */ + #include <netpfil/ipfw/ip_fw_private.h> #include <machine/in_cksum.h> /* XXX for in_cksum */ @@ -1141,6 +1143,11 @@ do { \ case IPPROTO_PIM: /* XXX PIM header check? */ PULLUP_TO(hlen, ulp, struct pim); + break; + + case IPPROTO_GRE: /* RFC 1701 */ + /* XXX GRE header check? */ + PULLUP_TO(hlen, ulp, struct grehdr); break; case IPPROTO_CARP:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201708011315.v71DFUQf039447>