Hi,
Recently on FreeBSD-6.2 STABLE I've noticed over 100x increase of
'ipfw: pullup failed' messages. This coincides with me starting to
run a Teredo relay which includes receiving pretty much arbitrary IPv6
packets from the network.
This appears to trigger a problem in sys/netinet/ip_fw2.c code with a
packet like:
11:35:48.327605 IP6 (hlim 255, next-header: unknown (59), length: 0)
2001:0:4136:xxxx:yyyy:zzzz:wwww:vvvv > fe80::fc31:b43b:679c:dcb9: no next header
now, the code in ip_fw2.c appears to be:
case IPPROTO_NONE: /* RFC 2460 */
PULLUP_TO(hlen, ulp, struct ip6_ext);
/* Packet ends here. if ip6e_len!=0 octets
* must be ignored. */
break;
.. but struct ip6_ext is at least 2 bytes long. Am I reading the code
correctly that it expects that even with IPPROTO_NONE, the IP header
needs to include at least 2 bytes of content. This would probably be
a bug, and instead of printing "pullup failed" it shouldn't try to
pull more than the base IPv6 header.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"