Project

General

Profile

Submit #3085

[PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD

Added by liweitianux 29 days ago. Updated 28 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
PF
Target version:
-
Start date:
10/21/2017
Due date:
% Done:

100%


Description

Hello,

The attached patch contains the following 3 commits that I brought from OpenBSD:

1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctly

The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.

Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].

[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html

Cheers,
Aly

pf-inet6.patch View (3.73 KB) liweitianux, 10/20/2017 11:31 PM

History

#1 Updated by liweitianux 29 days ago

I have tested the fixes on 5.1-DEVELOPMENT:

dfly ~% uname -a
DragonFly dfly.aaronly.me 5.1-DEVELOPMENT DragonFly v5.1.0.110.gcc3fe-DEVELOPMENT #1: Thu Oct 19 08:07:10 CST 2017 :/usr/obj/usr/src/sys/X86_64_GENERIC x86_64

Cheers,
Aly

#2 Updated by sepherosa 29 days ago

I will take care of this patch.

On Sat, Oct 21, 2017 at 2:38 PM,
<> wrote:
> Issue #3085 has been reported by liweitianux.
>
> ----------------------------------------
> Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
> http://bugs.dragonflybsd.org/issues/3085
>
> * Author: liweitianux
> * Status: New
> * Priority: Normal
> * Assignee:
> * Category: PF
> * Target version:
> ----------------------------------------
> Hello,
>
> The attached patch contains the following 3 commits that I brought from OpenBSD:
>
> 1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
> 2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
> 3. pf: Make pf_print_host() print IPv6 addresses correctly
>
> The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
>
> Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
>
> [1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
> [2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html
>
>
> Cheers,
> Aly
>
> ---Files--------------------------------
> pf-inet6.patch (3.73 KB)
>
>
> --
> You have received this notification because you have either subscribed to it, or are involved in it.
> To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

#3 Updated by sepherosa 28 days ago

Committed! Thank you!

On Sat, Oct 21, 2017 at 6:06 PM,
<> wrote:
> Issue #3085 has been updated by sepherosa.
>
>
> I will take care of this patch.
>
> On Sat, Oct 21, 2017 at 2:38 PM,
> <> wrote:
>> Issue #3085 has been reported by liweitianux.
>>
>> ----------------------------------------
>> Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
>> http://bugs.dragonflybsd.org/issues/3085
>>
>> * Author: liweitianux
>> * Status: New
>> * Priority: Normal
>> * Assignee:
>> * Category: PF
>> * Target version:
>> ----------------------------------------
>> Hello,
>>
>> The attached patch contains the following 3 commits that I brought from OpenBSD:
>>
>> 1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
>> 2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
>> 3. pf: Make pf_print_host() print IPv6 addresses correctly
>>
>> The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
>>
>> Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
>>
>> [1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
>> [2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html
>>
>>
>> Cheers,
>> Aly
>>
>> ---Files--------------------------------
>> pf-inet6.patch (3.73 KB)
>>
>>
>> --
>> You have received this notification because you have either subscribed to it, or are involved in it.
>> To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account
>
>
>
> --
> Tomorrow Will Never Die
>
> ----------------------------------------
> Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
> http://bugs.dragonflybsd.org/issues/3085#change-13276
>
> * Author: liweitianux
> * Status: New
> * Priority: Normal
> * Assignee:
> * Category: PF
> * Target version:
> ----------------------------------------
> Hello,
>
> The attached patch contains the following 3 commits that I brought from OpenBSD:
>
> 1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
> 2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
> 3. pf: Make pf_print_host() print IPv6 addresses correctly
>
> The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.
>
> Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].
>
> [1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
> [2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html
>
>
> Cheers,
> Aly
>
> ---Files--------------------------------
> pf-inet6.patch (3.73 KB)
>
>
> --
> You have received this notification because you have either subscribed to it, or are involved in it.
> To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

#4 Updated by liweitianux 28 days ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Hi sephe, thank you for reviewing and committing this patch.

Cheers,
Aly

Also available in: Atom PDF