ipf return-icmp on link local addresses

To: tech-net%netbsd.org@localhost
Subject: ipf return-icmp on link local addresses
From: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Date: Thu, 20 Jul 2017 17:37:57 +0200

Does anyone use ipf with link local addresses?

ipf's return-icmp doesn't work when the packet matched by the rule is directed at a link local address. The problem is that ipf_send_icmp_err() calls ipf_ifpaddr() to find an address of the interface in question, but that routine discards link local addresses.
I guess the best fix is to simply use the destination address instead if it is link local, i.e. treat the rule as if return-icmp-as-dest was given in this case.

Index: ip_fil_netbsd.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c,v
retrieving revision 1.11
diff -u -p -r1.11 ip_fil_netbsd.c
--- ip_fil_netbsd.c	25 Jul 2014 08:10:39 -0000	1.11
+++ ip_fil_netbsd.c	20 Jul 2017 15:30:20 -0000
@@ -944,7 +944,7 @@ ipf_send_icmp_err(int type, fr_info_t *f
 		}
 		xtra = MIN(fin->fin_plen, avail - iclen - max_linkhdr);
 		xtra = MIN(xtra, IPV6_MMTU - iclen);
-		if (dst == 0) {
+		if (dst == 0 && !IN6_IS_ADDR_LINKLOCAL(&fin->fin_dst6.in6)) {
 			if (ipf_ifpaddr(&ipfmain, 6, FRI_NORMAL, ifp,
 				       &dst6, NULL) == -1) {
 				FREE_MB_T(m);

Follow-Ups:
- Re: ipf return-icmp on link local addresses
  - From: Edgar Fuß
- ipf_fastroute6() on gateway routes
  - From: Edgar Fuß

Prev by Date: Re: routing link local addresses: where to put the scope id?
Next by Date: ipf_fastroute6() on gateway routes
Previous by Thread: ip6_output(): routing link local addresses
Next by Thread: ipf_fastroute6() on gateway routes
Indexes:

Home | Main Index | Thread Index | Old Index