Submit #3085
closed[PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
100%
Description
Hello,
The attached patch contains the following 3 commits that I brought from OpenBSD:
1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctly
The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html
Cheers,
Aly
Files
Updated by liweitianux about 7 years ago
I have tested the fixes on 5.1-DEVELOPMENT:
dfly ~% uname -a
DragonFly dfly.aaronly.me 5.1-DEVELOPMENT DragonFly v5.1.0.110.gcc3fe-DEVELOPMENT #1: Thu Oct 19 08:07:10 CST 2017 aly@dfly.aaronly.me:/usr/obj/usr/src/sys/X86_64_GENERIC x86_64
Cheers,
Aly
Updated by sepherosa about 7 years ago
I will take care of this patch.
On Sat, Oct 21, 2017 at 2:38 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:
Issue #3085 has been reported by liweitianux.
----------------------------------------
Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
http://bugs.dragonflybsd.org/issues/3085
- Author: liweitianux
- Status: New
- Priority: Normal
- Assignee:
- Category: PF
- Target version:
----------------------------------------
Hello,The attached patch contains the following 3 commits that I brought from OpenBSD:
1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctlyThe second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.htmlCheers,
Aly---Files--------------------------------
pf-inet6.patch (3.73 KB)--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
--
Tomorrow Will Never Die
Updated by sepherosa about 7 years ago
Committed! Thank you!
On Sat, Oct 21, 2017 at 6:06 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:
Issue #3085 has been updated by sepherosa.
I will take care of this patch.
On Sat, Oct 21, 2017 at 2:38 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:Issue #3085 has been reported by liweitianux.
----------------------------------------
Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
http://bugs.dragonflybsd.org/issues/3085
- Author: liweitianux
- Status: New
- Priority: Normal
- Assignee:
- Category: PF
- Target version:
----------------------------------------
Hello,The attached patch contains the following 3 commits that I brought from OpenBSD:
1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctlyThe second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.htmlCheers,
Aly---Files--------------------------------
pf-inet6.patch (3.73 KB)--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account--
Tomorrow Will Never Die----------------------------------------
Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
http://bugs.dragonflybsd.org/issues/3085#change-13276
- Author: liweitianux
- Status: New
- Priority: Normal
- Assignee:
- Category: PF
- Target version:
----------------------------------------
Hello,The attached patch contains the following 3 commits that I brought from OpenBSD:
1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctlyThe second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.htmlCheers,
Aly---Files--------------------------------
pf-inet6.patch (3.73 KB)--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
--
Tomorrow Will Never Die
Updated by liweitianux about 7 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Hi sephe, thank you for reviewing and committing this patch.
Cheers,
Aly