From fcbc8c046f607f8b2b4241bdfeb561fef489585a Mon Sep 17 00:00:00 2001
From: martti <martti@NetBSD.org>
Date: Mon, 10 Sep 2007 06:12:02 +0000
Subject: [PATCH] Fixed IPF bug #1767831

  ipflog() & ipmon ignore IPv6 extension headers

Patch fetched from the SourceForge bug report.
---
 dist/ipf/tools/ipmon.c        | 25 ++++++++++++++++++++++++-
 sys/dist/ipf/netinet/ip_log.c |  9 ++++++---
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/dist/ipf/tools/ipmon.c b/dist/ipf/tools/ipmon.c
index 01955517cf2d..f378f2f55a80 100644
--- a/dist/ipf/tools/ipmon.c
+++ b/dist/ipf/tools/ipmon.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipmon.c,v 1.10 2007/06/16 10:52:26 martin Exp $	*/
+/*	$NetBSD: ipmon.c,v 1.11 2007/09/10 06:12:02 martti Exp $	*/
 
 /*
  * Copyright (C) 2001-2006 by Darren Reed.
@@ -1003,6 +1003,9 @@ int	blen;
 	iplog_t	*ipl;
 #ifdef	USE_INET6
 	ip6_t *ip6;
+	int	go;
+	u_short	ehl;
+	struct	ip6_ext *ehp;
 #endif
 
 	ipl = (iplog_t *)buf;
@@ -1111,6 +1114,26 @@ int	blen;
 		s = (u_32_t *)&ip6->ip6_src;
 		d = (u_32_t *)&ip6->ip6_dst;
 		plen = hl + ntohs(ip6->ip6_plen);
+		go = 1;
+		ehp = (struct ip6_ext *)((char *)ip6 + hl);
+		do {
+		    switch (p) {
+			case IPPROTO_HOPOPTS:
+			case IPPROTO_MOBILITY:
+			case IPPROTO_DSTOPTS:
+			case IPPROTO_ROUTING:
+			case IPPROTO_AH:
+			    p = ehp->ip6e_nxt;
+			    ehl = 8 + (ehp->ip6e_len << 3);
+			    hl += ehl;
+			    ehp = (struct ip6_ext *)((char *)ehp + ehl);
+			    break;
+			case IPPROTO_FRAGMENT:
+			    hl += sizeof(ip6_frag_t);
+			default:
+			    go = 0;
+		    }
+		} while (go);
 #else
 		sprintf(t, "ipv6");
 		goto printipflog;
diff --git a/sys/dist/ipf/netinet/ip_log.c b/sys/dist/ipf/netinet/ip_log.c
index c7e287ad836b..9e8b32025379 100644
--- a/sys/dist/ipf/netinet/ip_log.c
+++ b/sys/dist/ipf/netinet/ip_log.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_log.c,v 1.7 2007/04/14 20:34:37 martin Exp $	*/
+/*	$NetBSD: ip_log.c,v 1.8 2007/09/10 06:12:02 martti Exp $	*/
 
 /*
  * Copyright (C) 1997-2003 by Darren Reed.
@@ -9,7 +9,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_log.c,v 1.7 2007/04/14 20:34:37 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_log.c,v 1.8 2007/09/10 06:12:02 martti Exp $");
 
 #include <sys/param.h>
 #if defined(KERNEL) || defined(_KERNEL)
@@ -274,7 +274,10 @@ u_int flags;
 
 	ipfl.fl_nattag.ipt_num[0] = 0;
 	ifp = fin->fin_ifp;
-	hlen = fin->fin_hlen;
+	if (fin->fin_exthdr != NULL)
+		hlen = (char *)fin->fin_dp - (char *)fin->fin_ip;
+	else
+		hlen = fin->fin_hlen;
 	/*
 	 * calculate header size.
 	 */