check that we have an ipv4 packet before swapping ip_len and ip_off.

This should fix the handling of ipv6 packets which i broke when i made ipfw operate on packets in network format. Reported by: Hajimu UMEMOTO
author: luigi <luigi@FreeBSD.org> 2010-01-07 12:00:54 +0000
committer: luigi <luigi@FreeBSD.org> 2010-01-07 12:00:54 +0000
commit: 057d16827d4666da5bfe192ec0bcf74d83f3c571 (patch)
tree: f3c9ebe408991917551620c4e33883c8a3790d52 /sys/netinet/ipfw
parent: e41443f1570bfd10eb2029f31493350ceab48cc2 (diff)
download: FreeBSD-src-057d16827d4666da5bfe192ec0bcf74d83f3c571.zip
FreeBSD-src-057d16827d4666da5bfe192ec0bcf74d83f3c571.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netinet/ipfw/ip_fw_pfil.c b/sys/netinet/ipfw/ip_fw_pfil.c
index d8ec0a3..a7aa5aa 100644
--- a/sys/netinet/ipfw/ip_fw_pfil.c
+++ b/sys/netinet/ipfw/ip_fw_pfil.c
@@ -104,7 +104,8 @@ ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 	int ret;
 
 	/* all the processing now uses ip_len in net format */
-	SET_NET_IPLEN(mtod(*m0, struct ip *));
+	if (mtod(*m0, struct ip *)->ip_v == 4)
+		SET_NET_IPLEN(mtod(*m0, struct ip *));
 
 	/* convert dir to IPFW values */
 	dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT;
@@ -236,7 +237,7 @@ again:
 			FREE_PKT(*m0);
 		*m0 = NULL;
 	}
-	if (*m0)
+	if (*m0 && mtod(*m0, struct ip *)->ip_v == 4)
 		SET_HOST_IPLEN(mtod(*m0, struct ip *));
 	return ret;
 }
author	luigi <luigi@FreeBSD.org>	2010-01-07 12:00:54 +0000
committer	luigi <luigi@FreeBSD.org>	2010-01-07 12:00:54 +0000
commit	057d16827d4666da5bfe192ec0bcf74d83f3c571 (patch)
tree	f3c9ebe408991917551620c4e33883c8a3790d52 /sys/netinet/ipfw
parent	e41443f1570bfd10eb2029f31493350ceab48cc2 (diff)
download	FreeBSD-src-057d16827d4666da5bfe192ec0bcf74d83f3c571.zip FreeBSD-src-057d16827d4666da5bfe192ec0bcf74d83f3c571.tar.gz