Module Name: src
Committed By: snj
Date: Mon Aug 14 23:51:14 UTC 2017
Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-8]: ip_fil_netbsd.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #206):
sys/external/bsd/ipf/netinet/ip_fil_netbsd.c: 1.24-1.26
Fix ipf failing to sent TCP RST's on link-local interfaces by stuffing
the scope KAME style before calling the routing routines instead of after.
>From Edgar Fuss.
--
>From Edgar Fuss:
ipf's return-icmp doesn't work when the packet matched by the rule is
directed at a link local address. The problem is that
ipf_send_icmp_err() calls ipf_ifpaddr() to find an address of the
interface in question, but that routine discards link local addresses.
I guess the best fix is to simply use the destination address instead if
it is link local, i.e. treat the rule as if return-icmp-as-dest was
given in this case.
--
use the scoping functions (JINMEI, Tatuya)
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.23.2.1 \
src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c
diff -u src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c:1.23 src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c:1.23.2.1
--- src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c:1.23 Fri May 12 08:03:26 2017
+++ src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c Mon Aug 14 23:51:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_fil_netbsd.c,v 1.23 2017/05/12 08:03:26 christos Exp $ */
+/* $NetBSD: ip_fil_netbsd.c,v 1.23.2.1 2017/08/14 23:51:14 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -8,7 +8,7 @@
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_fil_netbsd.c,v 1.23 2017/05/12 08:03:26 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_fil_netbsd.c,v 1.23.2.1 2017/08/14 23:51:14 snj Exp $");
#else
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_fil_netbsd.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -79,6 +79,9 @@ static const char rcsid[] = "@(#)Id: ip_
# if (__NetBSD_Version__ >= 106000000)
# include <netinet6/nd6.h>
# endif
+# if __NetBSD_Version__ >= 499001100
+# include <netinet6/scope6_var.h>
+# endif
#endif
#include "netinet/ip_fil.h"
#include "netinet/ip_nat.h"
@@ -987,7 +990,7 @@ ipf_send_icmp_err(int type, fr_info_t *f
}
xtra = MIN(fin->fin_plen, avail - iclen - max_linkhdr);
xtra = MIN(xtra, IPV6_MMTU - iclen);
- if (dst == 0) {
+ if (dst == 0 && !IN6_IS_ADDR_LINKLOCAL(&fin->fin_dst6.in6)) {
if (ipf_ifpaddr(&ipfmain, 6, FRI_NORMAL, ifp,
&dst6, NULL) == -1) {
FREE_MB_T(m);
@@ -1420,6 +1423,12 @@ ipf_fastroute6(struct mbuf *m0, struct m
sockaddr_in6_init(&u.dst6, &fdp->fd_ip6.in6, 0, 0, 0);
else
sockaddr_in6_init(&u.dst6, &fin->fin_fi.fi_dst.in6, 0, 0, 0);
+ if ((error = in6_setscope(&u.dst6.sin6_addr, ifp,
+ &u.dst6.sin6_scope_id)) != 0)
+ return error;
+ if ((error = sa6_embedscope(&u.dst6, 0)) != 0)
+ return error;
+
dst = &u.dst;
rtcache_setdst(ro, dst);
@@ -1431,6 +1440,9 @@ ipf_fastroute6(struct mbuf *m0, struct m
dst6->sin6_family = AF_INET6;
dst6->sin6_len = sizeof(struct sockaddr_in6);
dst6->sin6_addr = fin->fin_fi.fi_dst.in6;
+ /* KAME */
+ if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
+ dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
if (fdp != NULL) {
if (IP6_NOTZERO(&fdp->fd_ip6))
@@ -1449,15 +1461,6 @@ ipf_fastroute6(struct mbuf *m0, struct m
goto bad;
}
- /* KAME */
-# if __NetBSD_Version__ >= 499001100
- if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
- u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# else
- if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
- dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# endif
-
{
# if (__NetBSD_Version__ >= 106010000) && !defined(IN6_LINKMTU)
struct in6_ifextra *ife;
