Hello,
On Wed, Jan 27, 2021 at 04:41:01PM +1000, David Gwynne wrote:
> at the moment if the route is invalid, we drop the packet. this
> generates an icmp error.
>
> ok?
looks good to me.
ok sashan
>
> Index: pf.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1103
> diff -u -p -r1.1103 pf.c
> --- pf.c 27 Jan 2021 04:46:21 -0000 1.1103
> +++ pf.c 27 Jan 2021 06:38:12 -0000
> @@ -6055,6 +6055,10 @@ pf_route(struct pf_pdesc *pd, struct pf_
>
> rt = rtalloc(sintosa(dst), RT_RESOLVE, rtableid);
> if (!rtisvalid(rt)) {
> + if (r->rt != PF_DUPTO) {
> + pf_send_icmp(m0, ICMP_UNREACH, ICMP_UNREACH_HOST,
> + 0, pd->af, s->rule.ptr, pd->rdomain);
> + }
> ipstat_inc(ips_noroute);
> goto bad;
> }
> @@ -6210,6 +6214,11 @@ pf_route6(struct pf_pdesc *pd, struct pf
> dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
> rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid);
> if (!rtisvalid(rt)) {
> + if (r->rt != PF_DUPTO) {
> + pf_send_icmp(m0, ICMP6_DST_UNREACH,
> + ICMP6_DST_UNREACH_NOROUTE, 0,
> + pd->af, s->rule.ptr, pd->rdomain);
> + }
> ip6stat_inc(ip6s_noroute);
> goto bad;
> }
>
