Module Name: src Committed By: maxv Date: Sat Mar 17 10:42:24 UTC 2018
Modified Files: src/sys/net/npf: npf_sendpkt.c Log Message: Set the scopes before calling icmp6_error(). This fixes a bug similar to the one I fixed in rev1.17: since the scopes were not set the packet was never actually sent. Tested with wireshark, now the ICMPv6 reply is correctly sent, as expected. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/sys/net/npf/npf_sendpkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/npf/npf_sendpkt.c diff -u src/sys/net/npf/npf_sendpkt.c:1.17 src/sys/net/npf/npf_sendpkt.c:1.18 --- src/sys/net/npf/npf_sendpkt.c:1.17 Wed Mar 14 09:32:04 2018 +++ src/sys/net/npf/npf_sendpkt.c Sat Mar 17 10:42:23 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: npf_sendpkt.c,v 1.17 2018/03/14 09:32:04 maxv Exp $ */ +/* $NetBSD: npf_sendpkt.c,v 1.18 2018/03/17 10:42:23 maxv Exp $ */ /*- * Copyright (c) 2010-2011 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ #ifdef _KERNEL #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.17 2018/03/14 09:32:04 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: npf_sendpkt.c,v 1.18 2018/03/17 10:42:23 maxv Exp $"); #include <sys/param.h> #include <sys/types.h> @@ -213,6 +213,18 @@ npf_return_icmp(const npf_cache_t *npc) icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, 0, 0); return 0; } else if (npf_iscached(npc, NPC_IP6)) { + /* Handle IPv6 scopes */ + const struct ifnet *rcvif = npc->npc_nbuf->nb_ifp; + struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); + if (in6_clearscope(&ip6->ip6_src) || + in6_clearscope(&ip6->ip6_dst)) { + return EINVAL; + } + if (in6_setscope(&ip6->ip6_src, rcvif, NULL) || + in6_setscope(&ip6->ip6_dst, rcvif, NULL)) { + return EINVAL; + } + icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADMIN, 0); return 0; }