Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD - DragonFlyBSD - DragonFlyBSD bugtracker

Actions

#1

Updated by liweitianux about 7 years ago

I have tested the fixes on 5.1-DEVELOPMENT:

dfly ~% uname -a
DragonFly dfly.aaronly.me 5.1-DEVELOPMENT DragonFly v5.1.0.110.gcc3fe-DEVELOPMENT #1: Thu Oct 19 08:07:10 CST 2017 aly@dfly.aaronly.me:/usr/obj/usr/src/sys/X86_64_GENERIC x86_64

Cheers,
Aly

Actions

Copy link

#2

Updated by sepherosa about 7 years ago

I will take care of this patch.

On Sat, Oct 21, 2017 at 2:38 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:

Issue #3085 has been reported by liweitianux.

----------------------------------------
Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
http://bugs.dragonflybsd.org/issues/3085

Author: liweitianux

Status: New

Priority: Normal

Assignee:

Category: PF

Target version:
----------------------------------------
Hello,

The attached patch contains the following 3 commits that I brought from OpenBSD:

1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctly

The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.

Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].

[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html

Cheers,
Aly

---Files--------------------------------
pf-inet6.patch (3.73 KB)

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

Actions

Copy link

#3

Updated by sepherosa about 7 years ago

Committed! Thank you!

On Sat, Oct 21, 2017 at 6:06 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:

Issue #3085 has been updated by sepherosa.

I will take care of this patch.

On Sat, Oct 21, 2017 at 2:38 PM,
<bugtracker-admin@leaf.dragonflybsd.org> wrote:

Issue #3085 has been reported by liweitianux.

----------------------------------------
Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
http://bugs.dragonflybsd.org/issues/3085

Author: liweitianux

Status: New

Priority: Normal

Assignee:

Category: PF

Target version:
----------------------------------------
Hello,

The attached patch contains the following 3 commits that I brought from OpenBSD:

1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctly

The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.

Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].

[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html

Cheers,
Aly

---Files--------------------------------
pf-inet6.patch (3.73 KB)

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

----------------------------------------
Submit #3085: [PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD
http://bugs.dragonflybsd.org/issues/3085#change-13276

Author: liweitianux

Status: New

Priority: Normal

Assignee:

Category: PF

Target version:
----------------------------------------
Hello,

The attached patch contains the following 3 commits that I brought from OpenBSD:

1. pf: use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses
2. pf: Always skip "urpf-failed" test for IPv6 link local addresses
3. pf: Make pf_print_host() print IPv6 addresses correctly

The second commit fixes the "uprf-failed" issue on IPv6 that I shared on the mailing list some time ago [1]. With this fix, the "urpf-failed" rule can just be enabled on both IPv4 and IPv6.

Credit to Marcin Wisnicki, who pointed out the problem and gave fixes to it [2].

[1] http://lists.dragonflybsd.org/pipermail/users/2017-August/313577.html
[2] https://lists.freebsd.org/pipermail/freebsd-pf/2010-July/005724.html

Cheers,
Aly

---Files--------------------------------
pf-inet6.patch (3.73 KB)

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

Actions

Copy link

#4

Updated by liweitianux about 7 years ago

Status changed from New to Closed
% Done changed from 0 to 100

Hi sephe, thank you for reviewing and committing this patch.

Cheers,
Aly

Project

General

Profile

DragonFlyBSD

Submit #3085

[PATCH] pf(4): Bring some IPv6-related fixes from OpenBSD

Updated by liweitianux about 7 years ago

Updated by sepherosa about 7 years ago

Updated by sepherosa about 7 years ago

Updated by liweitianux about 7 years ago