From 59a613b14d62ddcf607e42f60a6eb44796cb83cf Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Thu, 7 Jan 2010 12:00:54 +0000 Subject: [PATCH] check that we have an ipv4 packet before swapping ip_len and ip_off. This should fix the handling of ipv6 packets which i broke when i made ipfw operate on packets in network format. Reported by: Hajimu UMEMOTO --- sys/netinet/ipfw/ip_fw_pfil.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/netinet/ipfw/ip_fw_pfil.c b/sys/netinet/ipfw/ip_fw_pfil.c index d8ec0a34104..a7aa5aa4f3a 100644 --- a/sys/netinet/ipfw/ip_fw_pfil.c +++ b/sys/netinet/ipfw/ip_fw_pfil.c @@ -104,7 +104,8 @@ ipfw_check_hook(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir, int ret; /* all the processing now uses ip_len in net format */ - SET_NET_IPLEN(mtod(*m0, struct ip *)); + if (mtod(*m0, struct ip *)->ip_v == 4) + SET_NET_IPLEN(mtod(*m0, struct ip *)); /* convert dir to IPFW values */ dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT; @@ -236,7 +237,7 @@ again: FREE_PKT(*m0); *m0 = NULL; } - if (*m0) + if (*m0 && mtod(*m0, struct ip *)->ip_v == 4) SET_HOST_IPLEN(mtod(*m0, struct ip *)); return ret; }