Re: IPFILTER IPv6 support non-functional? (was Re: IPF and IPv6)

From: Arjan de Vet (Arjan.deVet@adv.iae.nl)
Date: 02/28/01 

Date: Wed, 28 Feb 2001 20:49:03 +0100
To: "Jacques A. Vidrine" <n@nectar.com>, Mark Huizer <freebsd@dohd.org>
From: Arjan.deVet@adv.iae.nl (Arjan de Vet)

Mark Huizer wrote:

>I (and Guido van Rooij) had a look at this during a boring meeting some
>time ago, but it seems there were a few patches missing in the -current
>tree (something like the stuff in ipv6-patch in the FreeBSD-4.0
>directory).

Indeed. That piece of code is not present in both -current and -stable.

The ipv6-patch-4.1 file from the ipfilter distribution patches without
problems and I've checked that the -stable kernel compiles with INET6
and IPFILTER enabled. I don't have an IPv6 setup myself so I cannot test
it.

>But for the record: no, ipfilter doesn't work with filtering
>IPv6 in the current setup in FreeBSD -current

The missing code from that patch would indeed explain that.

Would the KAME people have problems integrating this patch to enable
IPv6 for IP-filter?

Arjan 

-- 
Arjan de Vet, Eindhoven, The Netherlands              <Arjan.deVet@adv.iae.nl>
URL: http://www.iae.nl/users/devet/           for PGP key: finger devet@iae.nl
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: IPFW and IPv6 TCP timeout problem
    ... TCP connections after a short timeout. ... Luigi Rizzo about it but he cannot help with the IPv6 part of the ipfw. ... The PR includes a patch, it just needs somebody to commit it. ...
    (freebsd-net)
  • Re: R: IPv6 and ipfw
    ... I attached a patch that solve this problem. ... this into my IPFW rules ... Matches a single IPv6 address as allowed by inet_pton ... and if tcp now goes into tcp and tcp6 I need to double my rules etc. ...
    (freebsd-net)
  • Re: TIME_WAIT sockets from other users (was Re: bin/65928: [PATCH] stock ftpd uses superuser credent
    ... > message is on reusing local addresses occupied by sockets belonging ... >> Attached below is a patch addressing the issue of the inability to ... > with established connections, ... However, I have no experience with IPv6, so currently I've got ...
    (freebsd-hackers)
  • Re: TIME_WAIT sockets from other users (was Re: bin/65928: [PATCH] stock ftpd uses superuser credent
    ... > message is on reusing local addresses occupied by sockets belonging ... >> Attached below is a patch addressing the issue of the inability to ... > with established connections, ... However, I have no experience with IPv6, so currently I've got ...
    (freebsd-net)
  • CFR/CFT: IPv6 patch for quota (PR 42004)
    ... PR 42004, which has been open for nearly five years, includes the patch ... below to add IPv6 support to /usr/bin/quota. ... If someone who uses IPv6 and quotas over NFS can test this patch, ... callaurpc(char *host, int prognum, int versnum, int procnum, ...
    (freebsd-current)