From owner-freebsd-ipfw@FreeBSD.ORG  Sun Nov 27 05:10:16 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@hub.freebsd.org
Delivered-To: freebsd-ipfw@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C579516A420
	for <freebsd-ipfw@hub.freebsd.org>;
	Sun, 27 Nov 2005 05:10:16 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 16FB043D45
	for <freebsd-ipfw@hub.freebsd.org>;
	Sun, 27 Nov 2005 05:10:16 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id jAR5AFND034871
	for <freebsd-ipfw@freefall.freebsd.org>; Sun, 27 Nov 2005 05:10:15 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id jAR5AFx7034870;
	Sun, 27 Nov 2005 05:10:15 GMT (envelope-from gnats)
Date: Sun, 27 Nov 2005 05:10:15 GMT
Message-Id: <200511270510.jAR5AFx7034870@freefall.freebsd.org>
To: freebsd-ipfw@FreeBSD.org
From: Hajimu UMEMOTO <ume@freebsd.org>
Cc: 
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4
	on 6.0-RELEASE
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Hajimu UMEMOTO <ume@freebsd.org>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Nov 2005 05:10:16 -0000

The following reply was made to PR kern/89472; it has been noted by GNATS.

From: Hajimu UMEMOTO <ume@freebsd.org>
To: =?ISO-8859-1?Q?Ga=EBl?= Roualland <gael.roualland@dial.oleane.com>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/89472: ipfw2 no longer supports filtering IPv6-over-IPv4 on 6.0-RELEASE
Date: Sun, 27 Nov 2005 14:06:17 +0900

 Hi,
 
 >>>>> On Sun, 27 Nov 2005 02:15:05 +0100
 >>>>> Ga=EBl Roualland <gael.roualland@dial.oleane.com> said:
 
 gael> I applied the patch, and 'show' was fine (except for ipv6 instead of
 gael> 41), but it did break my other rules.. Looks like "allow ip from any =
 to
 gael> any" doesn't match anything anymore...
 
 Oops, please try this patch instead.
 
 Index: sbin/ipfw/ipfw2.c
 diff -u -p sbin/ipfw/ipfw2.c.orig sbin/ipfw/ipfw2.c
 --- sbin/ipfw/ipfw2.c.orig	Sat Aug 20 17:36:57 2005
 +++ sbin/ipfw/ipfw2.c	Sun Nov 27 13:19:40 2005
 @@ -3596,7 +3596,7 @@ add_proto(ipfw_insn *cmd, char *av, u_ch
 =20
  	*proto =3D IPPROTO_IP;
 =20
 -	if (_substrcmp(av, "all") =3D=3D 0)
 +	if (_substrcmp(av, "all") =3D=3D 0 || strcmp(av, "ip") =3D=3D 0)
  		; /* do not set O_IP4 nor O_IP6 */
  	else if (strcmp(av, "ipv4") =3D=3D 0 || strcmp(av, "ip4") =3D=3D 0)
  		/* explicit "just IPv4" rule */
 @@ -3606,13 +3606,12 @@ add_proto(ipfw_insn *cmd, char *av, u_ch
  		*proto =3D IPPROTO_IPV6;
  		fill_cmd(cmd, O_IP6, 0, 0);
  	} else if ((*proto =3D atoi(av)) > 0)
 -		; /* all done! */
 -	else if ((pe =3D getprotobyname(av)) !=3D NULL)
 +		fill_cmd(cmd, O_PROTO, 0, *proto);
 +	else if ((pe =3D getprotobyname(av)) !=3D NULL) {
  		*proto =3D pe->p_proto;
 -	else
 -		return NULL;
 -	if (*proto !=3D IPPROTO_IP && *proto !=3D IPPROTO_IPV6)
  		fill_cmd(cmd, O_PROTO, 0, *proto);
 +	} else
 +		return NULL;
 =20
  	return cmd;
  }
 
 
 Sincerely,
 
 --
 Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
 ume@mahoroba.org  ume@{,jp.}FreeBSD.org
 http://www.imasy.org/~ume/