Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-8]: src/sys/external/bsd/ipf/netinet Pull up following revision(s...
details: https://anonhg.NetBSD.org/src/rev/6aa154b12bf6
branches: netbsd-8
changeset: 434212:6aa154b12bf6
user: snj <snj%NetBSD.org@localhost>
date: Mon Aug 14 23:51:14 2017 +0000
description:
Pull up following revision(s) (requested by christos in ticket #206):
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: 1.24-1.26
Fix ipf failing to sent TCP RST's on link-local interfaces by stuffing
the scope KAME style before calling the routing routines instead of after.
>From Edgar Fuss.
--
>From Edgar Fuss:
ipf's return-icmp doesn't work when the packet matched by the rule is
directed at a link local address. The problem is that
ipf_send_icmp_err() calls ipf_ifpaddr() to find an address of the
interface in question, but that routine discards link local addresses.
I guess the best fix is to simply use the destination address instead if
it is link local, i.e. treat the rule as if return-icmp-as-dest was
given in this case.
--
use the scoping functions (JINMEI, Tatuya)
diffstat:
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c | 27 +++++++++++++++------------
1 files changed, 15 insertions(+), 12 deletions(-)
diffs (76 lines):
diff -r 539aa9da8d3c -r 6aa154b12bf6 sys/external/bsd/ipf/netinet/ip_fil_netbsd.c
--- a/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c Mon Aug 14 23:39:24 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c Mon Aug 14 23:51:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil_netbsd.c,v 1.23 2017/05/12 08:03:26 christos Exp $ */
+/* $NetBSD: ip_fil_netbsd.c,v 1.23.2.1 2017/08/14 23:51:14 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -8,7 +8,7 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_fil_netbsd.c,v 1.23 2017/05/12 08:03:26 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_fil_netbsd.c,v 1.23.2.1 2017/08/14 23:51:14 snj Exp $");
#else
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_fil_netbsd.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -79,6 +79,9 @@
# if (__NetBSD_Version__ >= 106000000)
# include <netinet6/nd6.h>
# endif
+# if __NetBSD_Version__ >= 499001100
+# include <netinet6/scope6_var.h>
+# endif
#endif
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
@@ -987,7 +990,7 @@
}
xtra = MIN(fin->fin_plen, avail - iclen - max_linkhdr);
xtra = MIN(xtra, IPV6_MMTU - iclen);
- if (dst == 0) {
+ if (dst == 0 && !IN6_IS_ADDR_LINKLOCAL(&fin->fin_dst6.in6)) {
if (ipf_ifpaddr(&ipfmain, 6, FRI_NORMAL, ifp,
&dst6, NULL) == -1) {
FREE_MB_T(m);
@@ -1420,6 +1423,12 @@
sockaddr_in6_init(&u.dst6, &fdp->fd_ip6.in6, 0, 0, 0);
else
sockaddr_in6_init(&u.dst6, &fin->fin_fi.fi_dst.in6, 0, 0, 0);
+ if ((error = in6_setscope(&u.dst6.sin6_addr, ifp,
+ &u.dst6.sin6_scope_id)) != 0)
+ return error;
+ if ((error = sa6_embedscope(&u.dst6, 0)) != 0)
+ return error;
+
dst = &u.dst;
rtcache_setdst(ro, dst);
@@ -1431,6 +1440,9 @@
dst6->sin6_family = AF_INET6;
dst6->sin6_len = sizeof(struct sockaddr_in6);
dst6->sin6_addr = fin->fin_fi.fi_dst.in6;
+ /* KAME */
+ if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
+ dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
if (fdp != NULL) {
if (IP6_NOTZERO(&fdp->fd_ip6))
@@ -1449,15 +1461,6 @@
goto bad;
}
- /* KAME */
-# if __NetBSD_Version__ >= 499001100
- if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
- u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# else
- if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
- dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# endif
-
{
# if (__NetBSD_Version__ >= 106010000) && !defined(IN6_LINKMTU)
struct in6_ifextra *ife;
Home |
Main Index |
Thread Index |
Old Index