Subject: bin/15460: ICMPv6 type in ipfilter (src/dist/ipf/parse.c rev. 1.8)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <naoki@fukaumi.org>
List: netbsd-bugs
Date: 02/02/2002 16:37:21
>Number:         15460
>Category:       bin
>Synopsis:       ICMPv6 type in ipfilter (src/dist/ipf/parse.c rev. 1.8)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Feb 01 23:38:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 1.5ZA
>Organization:
FUKAUMI Naoki
>Environment:
>Description:
	I found recent changes in src/dist/ipf/parse.c. (rev. 1.8)
	cvs log shows ipfstat will print ICMPv6 type in ipf rule.

	from cvs log parse.c
	> after this fix:
	>   0 pass in quick proto ipv6-icmp from any to any icmp-type 8

	Is icmp type 8 correct? If it means ICMP ECHO REQUEST, it should
	be type 128.

	from src/sys/netinet/icmp6.h
	> #define ICMP6_ECHO_REQUEST		128	/* echo service */

>How-To-Repeat:
	I didn't test it. If I'm wrong, sorry ;)
>Fix:
	See src/sys/netinet/{fil.c, ip_fil.c}. icmptoicmp6types and
	icmptoicmp6unreach are available.

	I don't know these conversion table and framework matches the
	Internet standards. (RFC, etc...)
>Release-Note:
>Audit-Trail:
>Unformatted: