Message-Id: <201208131244.q7DCiv6r075305@red.freebsd.org>
Date: Mon, 13 Aug 2012 12:44:57 GMT
From: Freek Dijkstra <public@macfreek.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [ipfw] ipv6 reass broken
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         170604
>Category:       kern
>Synopsis:       [ipfw] ipv6 reass broken
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ipfw
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 13 12:50:01 UTC 2012
>Closed-Date:    
>Last-Modified:  Wed Apr 16 01:13:43 UTC 2014
>Originator:     Freek Dijkstra
>Release:        9.0-RELEASE
>Organization:
>Environment:
FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan  3 07:15:25 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Summary:
Packet reassembly is only implemented for IPv4, not for IPv6. This is a request to:
* Support IPv6 packet reassembly with the "reass" command in ipfw.
* Update the documentation and/or ignore the ip6 reass command (to avoid someone bricking a device) in the meantime.

Notes: I presume this is the same problem as reported earlier by someone else on the freebsd-ipfw list:
http://lists.freebsd.org/pipermail/freebsd-ipfw/2011-October/004918.html

The bug report/feature request is meant to keep track of that issue.
>How-To-Repeat:
Steps to reproduce:
1. Add the following rules to ipfw:
# sysctl net.inet.ip.fw.one_pass=0
# ipfw add 100 reass ipv6 from any to any in
2. Try to connect to the device (by any means, e.g. ssh over either IPv4 or IPv6)

Expected result:
I expect the device to be reachable

Actual result:
I bricked my device

>Fix:


>Release-Note:
>Audit-Trail:

From: Eugene Grosbein <egrosbein@rdtc.ru>
To: bug-followup@FreeBSD.ORG
Cc:  
Subject: Re: kern/170604: [ipfw] ipv6 reass broken
Date: Wed, 20 Mar 2013 12:51:03 +0700

 Hi!
 
 The problem is here in 8.3-STABLE too, the following rule drops all incoming IPv6 packets
 (but reassembles and passes IPv4):
 
 ipfw add reass ip from any to any in recv em0
 
 Eugene Grosbein

From: Eugene Grosbein <egrosbein@rdtc.ru>
To: bug-followup@FreeBSD.ORG
Cc:  
Subject: Re: kern/170604: [ipfw] ipv6 reass broken
Date: Wed, 20 Mar 2013 13:45:15 +0700

 20.03.2013 12:51, Eugene Grosbein :
 > Hi!
 > 
 > The problem is here in 8.3-STABLE too, the following rule drops all incoming IPv6 packets
 > (but reassembles and passes IPv4):
 > 
 > ipfw add reass ip from any to any in recv em0
 
 Btw, the obvious workaround is to replace 'ip' with 'ip4', so that the rule
 does not match IPv6 packets and does not block them.
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Apr 16 01:13:21 UTC 2014 
Responsible-Changed-Why:  
reassign. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170604 
>Unformatted:
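
A ruleset check for the condition reported in this PR, added here as an example (it is not part of the PR or of FreeBSD's own code): it scans "ipfw list" style output for reass rules whose protocol field is not limited to IPv4 and suggests the ip4 workaround from the follow-up. The sample ruleset is constructed, the function names are hypothetical, and the script assumes one rule per line with the protocol as the single token directly before "from".

```shell
#!/bin/sh
# Added example: flag ipfw "reass" rules that also match IPv6 traffic.
# Assumption: input looks like `ipfw list` output, one rule per line, and
# the protocol is the single token directly before "from".

# Constructed sample ruleset (not taken from a real host).
sample_rules() {
cat <<'EOF'
00100 reass ip from any to any in recv em0
00200 reass ip4 from any to any in
00300 reass log ip6 from any to any in
00400 allow ip6 from any to any frag
00500 reass all from any to any in
65535 deny ip from any to any
EOF
}

# Print "<rule number> <proto>" for every reass rule not limited to IPv4.
# A reass rule with no "from" keyword is reported with an empty protocol,
# so that unparsed rules are flagged rather than silently passed.
risky_reass_rules() {
    awk '
    {
        is_reass = 0; proto = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "//") break            # rest of the line is a comment
            if ($i == "reass") is_reass = 1
            if ($i == "from") { proto = $(i - 1); break }
        }
        if (is_reass && proto != "ip4" && proto != "ipv4")
            print $1, proto
    }'
}

# Turn each finding into the workaround given in the follow-up: use ip4.
suggest_fix() {
    risky_reass_rules | while read -r num proto; do
        echo "rule $num: reass matches '$proto'; restrict it to ip4"
    done
}

# On a FreeBSD host this would be: ipfw list | suggest_fix
sample_rules | suggest_fix
```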
