Fix panic when kernel compiled without INET6 by rejecting

IPv6 opcodes which are behind #if(n)def INET6 now. PR: kern/85826 MFC after: 3 days
2005-09-14 07:53:54 +00:00 · 2005-09-14 07:53:54 +00:00 · 4d056a4077
commit 4d056a4077
parent f1160f0b48
1 changed files with 30 additions and 6 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -2861,6 +2861,7 @@ do {									\
 				/* otherwise no match */
 				break;

+#ifdef INET6
 			case O_IP6_SRC:
 				match = is_ipv6 &&
 				    IN6_ARE_ADDR_EQUAL(&args->f_id.src_ip6,
@ -2892,14 +2893,13 @@ do {									\
 				}
 				break;

-#ifdef INET6
 			case O_IP6_SRC_ME:
 				match= is_ipv6 && search_ip6_addr_net(&args->f_id.src_ip6);
-			break;
+				break;

 			case O_IP6_DST_ME:
 				match= is_ipv6 && search_ip6_addr_net(&args->f_id.dst_ip6);
-			break;
+				break;

 			case O_FLOW6ID:
 				match = is_ipv6 &&
@ -3575,10 +3575,12 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 		case O_VERSRCREACH:
 		case O_ANTISPOOF:
 		case O_IPSEC:
+#ifdef INET6
 		case O_IP6_SRC_ME:
 		case O_IP6_DST_ME:
 		case O_EXT_HDR:
 		case O_IP6:
+#endif
 		case O_IP4:
 			if (cmdlen != F_INSN_SIZE(ipfw_insn))
 				goto bad_size;
@ -3708,7 +3710,9 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 		case O_ACCEPT:
 		case O_DENY:
 		case O_REJECT:
+#ifdef INET6
 		case O_UNREACH6:
+#endif
 		case O_SKIPTO:
 check_size:
 			if (cmdlen != F_INSN_SIZE(ipfw_insn))
@ -3728,6 +3732,7 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 				return EINVAL;
 			}
 			break;
+#ifdef INET6
 		case O_IP6_SRC:
 		case O_IP6_DST:
 			if (cmdlen != F_INSN_SIZE(struct in6_addr) +
@ -3750,11 +3755,30 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 			if( cmdlen != F_INSN_SIZE( ipfw_insn_icmp6 ) )
 				goto bad_size;
 			break;
+#endif

 		default:
-			printf("ipfw: opcode %d, unknown opcode\n",
-				cmd->opcode);
-			return EINVAL;
+			switch (cmd->opcode) {
+#ifndef INET6
+			case O_IP6_SRC_ME:
+			case O_IP6_DST_ME:
+			case O_EXT_HDR:
+			case O_IP6:
+			case O_UNREACH6:
+			case O_IP6_SRC:
+			case O_IP6_DST:
+			case O_FLOW6ID:
+			case O_IP6_SRC_MASK:
+			case O_IP6_DST_MASK:
+			case O_ICMP6TYPE:
+				printf("ipfw: no IPv6 support in kernel\n");
+				return EPROTONOSUPPORT;
+#endif
+			default:
+				printf("ipfw: opcode %d, unknown opcode\n",
+					cmd->opcode);
+				return EINVAL;
+			}
 		}
 	}
 	if (have_action == 0) {