254896 – ipfw do not matches "proto ipv6" but "proto ip6" works

Bug 254896 - ipfw do not matches "proto ipv6" but "proto ip6" works

Summary: ipfw do not matches "proto ipv6" but "proto ip6" works

Status:	Closed Not A Bug

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	12.1-RELEASE
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-ipfw (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-04-08 21:57 UTC by Radim Kolar
Modified:	2021-04-12 10:50 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Radim Kolar 2021-04-08 21:57:26 UTC

fwd 2001:470:6e:525::1 proto ip6 src-ip6 2001:470:6f:525::/64

if you change in this rule "ip6" -> "ipv6" which should be according to man page possible no packets are matched and no error is reported.

Comment 1 Bob Bishop 2021-04-09 11:52:55 UTC

According to the man page: "The ipv6 in proto option will be treated as inner protocol." ie ip6 denotes outer protocol. This is only relevant where there is tunnelling. and it's debatable how this should be treated  where there is no tunnelling.

Comment 2 Andrey V. Elsukov freebsd_committer

2021-04-12 10:50:10 UTC

(In reply to Bob Bishop from comment #1)

Indeed, `ip6` is the reserved keyword, matches all upper level protocols that are used within IPv6. `proto ipv6` is protocol 41, means IPv6 datagram encapsulated inside.