diff options
| author | bz <bz@FreeBSD.org> | 2006-10-07 10:19:58 +0000 |
|---|---|---|
| committer | bz <bz@FreeBSD.org> | 2006-10-07 10:19:58 +0000 |
| commit | af0ae0b158b8fa8093b0d56765585fcc940a4ef1 (patch) | |
| tree | a72d4fb9f2a0e419ea98e4e9b64d08c6d9c35407 /sys/netinet/ip_fw2.c | |
| parent | 501f84b68cf72d5f30754dd19fce590dc5ecdd51 (diff) | |
| download | FreeBSD-src-af0ae0b158b8fa8093b0d56765585fcc940a4ef1.zip FreeBSD-src-af0ae0b158b8fa8093b0d56765585fcc940a4ef1.tar.gz | |
Set scope on MC address so IPv6 carp advertisement will not get dropped
in ip6_output. In case this fails handle the error directly and log it[1].
In addition permit CARP over v6 in ip_fw2.
PR: kern/98622
Similar patch by: suz
Discussed with: glebius [1]
Tested by: Paul.Dekkers surfnet.nl, Philippe.Pegon crc.u-strasbg.fr
MFC after: 3 days
Diffstat (limited to 'sys/netinet/ip_fw2.c')
| -rw-r--r-- | sys/netinet/ip_fw2.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index d08d8de..01f2f3e 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -74,6 +74,7 @@ #include <netinet/ip_fw.h> #include <netinet/ip_divert.h> #include <netinet/ip_dummynet.h> +#include <netinet/ip_carp.h> #include <netinet/pim.h> #include <netinet/tcp.h> #include <netinet/tcp_timer.h> @@ -2284,6 +2285,16 @@ do { \ PULLUP_TO(hlen, ulp, struct pim); break; + case IPPROTO_CARP: + PULLUP_TO(hlen, ulp, struct carp_header); + if (((struct carp_header *)ulp)->carp_version != + CARP_VERSION) + return (IP_FW_DENY); + if (((struct carp_header *)ulp)->carp_type != + CARP_ADVERTISEMENT) + return (IP_FW_DENY); + break; + case IPPROTO_IPV6: /* RFC 2893 */ PULLUP_TO(hlen, ulp, struct ip6_hdr); break; |
