Fix GRE over IPv6 tunnels with IPFW

Previously, GRE packets in IPv6 tunnels would be dropped by IPFW (unless net.inet6.ip6.fw.deny_unknown_exthdrs was unset). PR: 220640 Submitted by: Kun Xie <kxie@xiplink.com> MFC after: 1 week
svn path=/head/; revision=320941
2017-07-13 09:01:22 +00:00 · 2017-07-13 09:01:22 +00:00 · b0e1660d53 · 2020-12-20 02:59:44 +00:00
commit b0e1660d53
parent 60686c3703
1 changed files with 7 additions and 0 deletions
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@ -92,6 +92,8 @@ __FBSDID("$FreeBSD$");
 #include <netinet6/ip6_var.h>
 #endif

+#include <net/if_gre.h> /* for struct grehdr */
+
 #include <netpfil/ipfw/ip_fw_private.h>

 #include <machine/in_cksum.h>	/* XXX for in_cksum */
@ -1162,6 +1164,11 @@ do {								\
 				PULLUP_TO(hlen, ulp, struct pim);
 				break;

+			case IPPROTO_GRE:	/* RFC 1701 */
+				/* XXX GRE header check? */
+				PULLUP_TO(hlen, ulp, struct grehdr);
+				break;
+
 			case IPPROTO_CARP:
 				PULLUP_TO(hlen, ulp, struct carp_header);
 				if (((struct carp_header *)ulp)->carp_version !=