diff options
| author | philip <philip@FreeBSD.org> | 2017-07-31 19:48:29 +0000 |
|---|---|---|
| committer | philip <philip@FreeBSD.org> | 2017-07-31 19:48:29 +0000 |
| commit | efa008caeba52cf5e98c22c35d03b2d1fe9a1b6a (patch) | |
| tree | a778ab23bbdd827ce91f9af288a45fb701100cb2 | |
| parent | 258c375b290682e514751928336d1f15c41f5078 (diff) | |
| download | FreeBSD-src-efa008caeba52cf5e98c22c35d03b2d1fe9a1b6a.zip FreeBSD-src-efa008caeba52cf5e98c22c35d03b2d1fe9a1b6a.tar.gz | |
MFC r320941: Fix GRE over IPv6 tunnels with IPFW
Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless
net.inet6.ip6.fw.deny_unknown_exthdrs was unset).
PR: 220640
Submitted by: Kun Xie <kxie@xiplink.com>
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index a66d5e7..a32261d 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -92,6 +92,8 @@ __FBSDID("$FreeBSD$"); #include <netinet6/ip6_var.h> #endif +#include <net/if_gre.h> /* for struct grehdr */ + #include <netpfil/ipfw/ip_fw_private.h> #include <machine/in_cksum.h> /* XXX for in_cksum */ @@ -1162,6 +1164,11 @@ do { \ PULLUP_TO(hlen, ulp, struct pim); break; + case IPPROTO_GRE: /* RFC 1701 */ + /* XXX GRE header check? */ + PULLUP_TO(hlen, ulp, struct grehdr); + break; + case IPPROTO_CARP: PULLUP_TO(hlen, ulp, struct carp_header); if (((struct carp_header *)ulp)->carp_version != |
