Date: Tue, 25 Feb 2025 09:41:52 +0000 From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 284944] pf: incorrect ICMP error translation in af-to inet Message-ID: <bug-284944-16861-PHfizu4S8j@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-284944-16861@https.bugs.freebsd.org/bugzilla/> References: <bug-284944-16861@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D284944 Kristof Provost <kp@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org Status|New |In Progress Assignee|pf@FreeBSD.org |kp@freebsd.org --- Comment #1 from Kristof Provost <kp@freebsd.org> --- I can confirm that bug, and I see why it's broken. This even affects OpenBS= D. I'm testing a patch along these lines: diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index f3c9ea7a2fb1..ac4bab45ffda 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -8109,8 +8109,18 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, nk->port[didx], 1, pd->af, nk->= af); m_copyback(pd2.m, pd2.off, sizeof(u= h), (c_caddr_t)&uh); - PF_ACPY(&pd->nsaddr, - &nk->addr[pd2.sidx], nk->af); + if (pd->af =3D=3D AF_INET) { + struct pf_addr prefix, nsad= dr; + int prefixlen =3D in6_mask2= len( + (struct in6_addr *)&(*state)->rule->dst.addr.v.a.mask, NULL); + if (prefixlen < 32) + prefixlen =3D 96; + PF_ACPY(&prefix, &nk->addr[pd2.sidx], nk->af); + PF_ACPY(&nsaddr, pd->src, pd->af); + inet_nat64(AF_INET6, pd->sr= c, &nsaddr, &prefix, + prefixlen); + PF_ACPY(&pd->nsaddr, &nsadd= r, AF_INET6); + } PF_ACPY(&pd->ndaddr, &nk->addr[pd2.didx], nk->af); pd->naf =3D nk->af; (Though that only fixes the issue for UDP ICMP payloads, and can stand some cleanup.) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-284944-16861-PHfizu4S8j>