Fwd: cvs commit: src/sys/netinet ip_fw2.c

From: Max Laier <max_at_love2party.net>
Date: Sun, 12 Jun 2005 18:33:54 +0200
All,

if you are relying on IPFW2's new IPv6 capabilities as your IPv6 packet 
filter, it's time to update.  The commit below fixes a problem in the 
code that would match random IPv6 packets to IPv4 rules.

-- 
/"\  Best regards,                      | mlaier_at_freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier_at_EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

attached mail follows:



  FreeBSD src repository

  Modified files:
    sys/netinet          ip_fw2.c 
  Log:
  When doing matching based on dst_ip/src_ip make sure we are really looking
  on an IPv4 packet as these variables are uninitialized if not.  This used to
  allow arbitrary IPv6 packets depending on the value in the uninitialized
  variables.
  
  Some opcodes (most notably O_REJECT) do not support IPv6 at all right now.
  
  Reviewed by:    brooks, glebius
  Security:       IPFW might pass IPv6 packets depending on stack contents.
  Approved by:    re (blanket)
  
  Revision  Changes    Path
  1.102     +13 -10    src/sys/netinet/ip_fw2.c

Received on Sun Jun 12 2005 - 14:38:05 UTC
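
The bug class described in the commit log, shown as an added example that is not code from ip_fw2.c or the FreeBSD project. The types, opcode names, function names and the stale_* parameters (which stand in for leftover stack contents so the result is deterministic) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a packet and an address-matching rule (hypothetical). */
struct pkt  { bool is_ipv4; uint32_t v4_src, v4_dst; /* valid only if is_ipv4 */ };
enum opcode { OP_IP_SRC, OP_IP_DST };
struct rule { enum opcode op; uint32_t addr; };

/* Before: src_ip/dst_ip are filled in only for IPv4 but compared for every
 * packet. stale_src/stale_dst model whatever the stack slots happened to hold. */
bool match_unguarded(const struct rule *r, const struct pkt *p,
                     uint32_t stale_src, uint32_t stale_dst)
{
    uint32_t src_ip = stale_src, dst_ip = stale_dst;
    if (p->is_ipv4) {
        src_ip = p->v4_src;
        dst_ip = p->v4_dst;
    }
    switch (r->op) {
    case OP_IP_SRC: return src_ip == r->addr;
    case OP_IP_DST: return dst_ip == r->addr;
    }
    return false;
}

/* After: IPv4 address opcodes can match only when the packet really is IPv4. */
bool match_guarded(const struct rule *r, const struct pkt *p)
{
    if (!p->is_ipv4)
        return false;
    switch (r->op) {
    case OP_IP_SRC: return p->v4_src == r->addr;
    case OP_IP_DST: return p->v4_dst == r->addr;
    }
    return false;
}

int main(void)
{
    struct rule r  = { OP_IP_SRC, 0xC0A80001u };  /* constructed: 192.168.0.1 */
    struct pkt  v6 = { false, 0, 0 };             /* constructed IPv6 packet */
    printf("unguarded, stale slot equals rule addr: %d\n",
           match_unguarded(&r, &v6, 0xC0A80001u, 0));
    printf("guarded: %d\n", match_guarded(&r, &v6));
    return 0;
}
```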
