diff options
| author | philip <philip@FreeBSD.org> | 2017-08-01 13:15:30 +0000 |
|---|---|---|
| committer | philip <philip@FreeBSD.org> | 2017-08-01 13:15:30 +0000 |
| commit | ebb0c405f69756050f03f234601a40ebbbda629d (patch) | |
| tree | 9cf9c92a2db9cd13bda94c221cbe58b73d671986 | |
| parent | 3a44b48ded0cfd510f9cca2201f011860109d62c (diff) | |
| download | FreeBSD-src-ebb0c405f69756050f03f234601a40ebbbda629d.zip FreeBSD-src-ebb0c405f69756050f03f234601a40ebbbda629d.tar.gz | |
MFC r320941: Fix GRE over IPv6 tunnels with IPFW
Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless
net.inet6.ip6.fw.deny_unknown_exthdrs was unset).
PR: 220640
Submitted by: Kun Xie <kxie@xiplink.com>
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 1a5b699..f815d89 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -87,6 +87,8 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6_var.h> #endif +#include <net/if_gre.h> /* for struct grehdr */ + #include <netpfil/ipfw/ip_fw_private.h> #include <machine/in_cksum.h> /* XXX for in_cksum */ @@ -1143,6 +1145,11 @@ do { \ PULLUP_TO(hlen, ulp, struct pim); break; + case IPPROTO_GRE: /* RFC 1701 */ + /* XXX GRE header check? */ + PULLUP_TO(hlen, ulp, struct grehdr); + break; + case IPPROTO_CARP: PULLUP_TO(hlen, ulp, struct carp_header); if (((struct carp_header *)ulp)->carp_version != |
