diff options
author | ume <ume@FreeBSD.org> | 2006-06-22 13:22:54 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2006-06-22 13:22:54 +0000 |
commit | bddec6f4bb506c2d8da76bde20133aaf9017c68e (patch) | |
tree | fc5196da51a303d649601fa62e388652ceddd54a /sys/netinet/ip_fw2.c | |
parent | bfe074b2a8d465e6ab047144daba3aceb8111247 (diff) | |
download | FreeBSD-src-bddec6f4bb506c2d8da76bde20133aaf9017c68e.zip FreeBSD-src-bddec6f4bb506c2d8da76bde20133aaf9017c68e.tar.gz |
- Pullup even when the extention header is unknown, to prevent
infinite loop with net.inet6.ip6.fw.deny_unknown_exthdrs=0.
- Teach ipv6 and ipencap as they appear in an IPv4/IPv6 over IPv6
tunnel.
- Test the next extention header even when the routing header type
is unknown with net.inet6.ip6.fw.deny_unknown_exthdrs=0.
Found by: xcast-fan-club
MFC after: 1 week
Diffstat (limited to 'sys/netinet/ip_fw2.c')
-rw-r--r-- | sys/netinet/ip_fw2.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 9ab4aba..0723cbe 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -2189,7 +2189,10 @@ do { \ case IPPROTO_ROUTING: /* RFC 2460 */ PULLUP_TO(hlen, ulp, struct ip6_rthdr); - if (((struct ip6_rthdr *)ulp)->ip6r_type != 0) { + switch (((struct ip6_rthdr *)ulp)->ip6r_type) { + case 0: + break; + default: printf("IPFW2: IPV6 - Unknown Routing " "Header type(%d)\n", ((struct ip6_rthdr *)ulp)->ip6r_type); @@ -2260,11 +2263,20 @@ do { \ PULLUP_TO(hlen, ulp, struct ip6_ext); break; + case IPPROTO_IPV6: /* RFC 2893 */ + PULLUP_TO(hlen, ulp, struct ip6_hdr); + break; + + case IPPROTO_IPV4: /* RFC 2893 */ + PULLUP_TO(hlen, ulp, struct ip); + break; + default: printf("IPFW2: IPV6 - Unknown Extension " "Header(%d), ext_hd=%x\n", proto, ext_hd); if (fw_deny_unknown_exthdrs) return (IP_FW_DENY); + PULLUP_TO(hlen, ulp, struct ip6_ext); break; } /*switch */ } |