CVS commit: src/sys/net/npf

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/net/npf
From: "Maxime Villard" <maxv%netbsd.org@localhost>
Date: Wed, 14 Mar 2018 09:32:04 +0000

Module Name:    src
Committed By:   maxv
Date:           Wed Mar 14 09:32:04 UTC 2018

Modified Files:
        src/sys/net/npf: npf_sendpkt.c

Log Message:
Fix the "return-rst" rule on IPv6 packets.

The scopes needed to be set on the addresses before invoking ip6_output,
because ip6_output needs them. The reason they are not here already is
because pfil_run_hooks (in ip6_input) is called _before_ the kernel
initializes the scopes.

Until now ip6_output was always failing, and the IPv6-TCP-RST packet was
never actually sent.

Perhaps it would be better to have the kernel initialize the scopes
before invoking pfil_run_hooks, but several things will need to be fixed
in several places.

Tested with a simple TCPv6 server. Until now the client would block
waiting for an answer that never came; now it receives an RST right away
and closes the connection, as expected.

I believe that the same problem exists in the "return-icmp" rules, but I
can't investigate this right now (some problems with wireshark).


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/sys/net/npf/npf_sendpkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src
Next by Date: CVS commit: src/external/mit/xorg/include/xorgproto/X11
Previous by Thread: CVS commit: src
Next by Thread: CVS commit: src/external/mit/xorg/include/xorgproto/X11
Indexes:

Home | Main Index | Thread Index | Old Index