Re: IPFILTER IPv6 support non-functional?

From: Hajimu UMEMOTO (ume@mahoroba.org)
Date: 02/28/01


Date: Thu, 01 Mar 2001 04:58:25 +0900 (JST)
To: Arjan.deVet@adv.iae.nl
From: Hajimu UMEMOTO <ume@mahoroba.org>


>>>>> On Wed, 28 Feb 2001 20:49:03 +0100
>>>>> Arjan de Vet <Arjan.deVet@adv.iae.nl> said:

Arjan.deVet> Mark Huizer wrote:

>I (and Guido van Rooij) had a look at this during a boring meeting some
>time ago, but it seems there were a few patches missing in the -current
>tree (something like the stuff in ipv6-patch in the FreeBSD-4.0
>directory).

Arjan.deVet> Indeed. That piece of code is not present in both -current and -stable.

Arjan.deVet> The ipv6-patch-4.1 file from the ipfilter distribution patches without
Arjan.deVet> problems and I've checked that the -stable kernel compiles with INET6
Arjan.deVet> and IPFILTER enabled. I don't have an IPv6 setup myself so I cannot test
Arjan.deVet> it.

>But for the record: no, ipfilter doesn't work with filtering
>IPv6 in the current setup in FreeBSD -current

Arjan.deVet> The missing code from that patch would indeed explain that.

Arjan.deVet> Would the KAME people have problems integrating this patch to enable
Arjan.deVet> IPv6 for IP-filter?

I believe KAME doesn't maintain IP-filter at all. But, itojun said
that calculation of payload length is wrong.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/