| author | Zhenlei Huang <zlei@FreeBSD.org> | 2025-09-16 15:58:24 +0000 |
|---|---|---|
| committer | Zhenlei Huang <zlei@FreeBSD.org> | 2025-09-16 15:58:24 +0000 |
| commit | 0418e6690e91aa6c38dd9af9da43c4c5a9dc1cd2 (patch) | |
| tree | 7b9049725d38138b77db31cbf553a967b31432ad | |
| parent | 4be491e1b9b3b650494208eb61511f4a45c7db3f (diff) | |
ipfw: Teach ipfw that EtherIP is an upper layer protocol

so that we do not discard EtherIP packets (over IPv6 network) when
net.inet6.ip6.fw.deny_unknown_exthdrs is set to 1 (which is the default
value).

PR: 227450
Reviewed by: ae, #network
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D52566

| -rw-r--r-- | sys/netpfil/ipfw/ip_fw2.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index 3f810533b7fc..b59d8d08bf80 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -67,6 +67,7 @@ #include <net/route/nhop.h> #include <net/pfil.h> #include <net/vnet.h> +#include <net/if_gif.h> #include <net/if_pfsync.h> #include <netpfil/pf/pf_mtag.h> @@ -1757,6 +1758,12 @@ do { \ PULLUP_TO(hlen, ulp, struct ip); break; + case IPPROTO_ETHERIP: /* RFC 3378 */ + PULLUP_LEN(hlen, ulp, + sizeof(struct etherip_header) + + sizeof(struct ether_header)); + break; + case IPPROTO_PFSYNC: PULLUP_TO(hlen, ulp, struct pfsync_header); break; |
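
Review bot: The new `#include <net/if_gif.h>` in the first hunk (@@ -67,6 +67,7 @@) carries no indication of what it is needed for. The only new identifiers in this patch are `struct etherip_header` and `struct ether_header` in the `IPPROTO_ETHERIP` case, so a short trailing comment naming the type this header provides would make the firewall core's dependency on the gif(4) header easy to audit, and easy to drop if the definition moves.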
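
Review bot: In the `IPPROTO_ETHERIP` case of the second hunk (@@ -1757,6 +1758,12 @@), the pulled-up length is `sizeof(struct etherip_header) + sizeof(struct ether_header)`, while the neighbouring `PULLUP_TO` cases require only their own header, and nothing in this hunk reads the inner Ethernet header. Please document next to `/* RFC 3378 */` why the inner header is part of the required length and how an EtherIP packet shorter than that is meant to be treated. If only the EtherIP header is needed for classification, `sizeof(struct etherip_header)` alone would do; if requiring the inner header is a deliberate minimum-length check, saying so in the comment keeps a later cleanup from removing it.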
