The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=6e7f24e0a5262d7e040f4f6e9167c544e006176d

commit 6e7f24e0a5262d7e040f4f6e9167c544e006176d
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-03-04 13:51:09 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-03-05 09:37:57 +0000

    pf: fix nat64 ICMP translation
    
    Fix more incorrect use of the iih pointer, this time causing corruption in
    nat64-translated ICMP error messages.
    Extend the relevant test case to catch this bug.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D49231
---
 sys/netpfil/pf/pf.c           | 4 ++--
 tests/sys/netpfil/pf/nat64.py | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 2b28474f36c6..3bf7e0e2077c 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8452,7 +8452,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct 
pf_pdesc *pd,
                                            nk->port[iidx] != iih->icmp_id)
                                                iih->icmp_id = nk->port[iidx];
                                        m_copyback(pd2.m, pd2.off, ICMP_MINLEN,
-                                           (c_caddr_t)&iih);
+                                           (c_caddr_t)iih);
                                        PF_ACPY(&pd->nsaddr,
                                            &nk->addr[pd2.sidx], nk->af);
                                        PF_ACPY(&pd->ndaddr,
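Review bot: The `(c_caddr_t)` cast on the last argument of `m_copyback()` is what let `&iih` compile unnoticed, and the corrected call keeps that cast here and in the ICMPv6 call of the second hunk. With the old argument, the `ICMP_MINLEN` bytes written into the translated packet would have come from the pointer variable itself rather than the header it points to. That suggests kernel address bytes may have reached the wire, beyond the corruption the commit message describes, which seems worth recording. A short comment above each call, such as `/* iih already points at the header: pass it, not its address */`, would guard against a repeat. The other `m_copyback()` calls in `pf_test_state_icmp`, which lie outside this hunk, deserve a check for the same pattern.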
@@ -8579,7 +8579,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct 
pf_pdesc *pd,
                                            nk->port[iidx] != iih->icmp6_id)
                                                iih->icmp6_id = nk->port[iidx];
                                        m_copyback(pd2.m, pd2.off,
-                                           sizeof(struct icmp6_hdr), 
(c_caddr_t)&iih);
+                                           sizeof(struct icmp6_hdr), 
(c_caddr_t)iih);
                                        PF_ACPY(&pd->nsaddr,
                                            &nk->addr[pd2.sidx], nk->af);
                                        PF_ACPY(&pd->ndaddr,
diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py
index 42ab29a5aa0a..e64b7bbd573b 100644
--- a/tests/sys/netpfil/pf/nat64.py
+++ b/tests/sys/netpfil/pf/nat64.py
@@ -238,7 +238,7 @@ class TestNAT64(VnetTestTemplate):
             ip = reply.getlayer(sp.IPv6)
             assert icmp
             assert ip.src == "64:ff9b::c000:202"
-            return
+            return reply
 
         # If we don't find the packet we expect to see
         assert False
@@ -282,4 +282,6 @@ class TestNAT64(VnetTestTemplate):
 
         packet = sp.IPv6(dst="64:ff9b::198.51.100.2", hlim=1) \
             / sp.ICMPv6EchoRequest() / sp.Raw("foo")
-        self.common_test_source_addr(packet)
+        reply = self.common_test_source_addr(packet)
+        icmp = reply.getlayer(sp.ICMPv6EchoRequest)
+        assert icmp
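Review bot: The new `assert icmp` only checks that the quoted packet still parses as an ICMPv6 echo request; it compares no header field with what was sent. If the corrupted bytes happen to leave the type byte looking like an echo request, the test would presumably still pass. Pinning a field is more robust: build the request with an explicit, arbitrary value such as `sp.ICMPv6EchoRequest(seq=0x1234)` and add `assert icmp.seq == 0x1234`. The test method begins outside this hunk, so this assumes nothing later in the path is expected to rewrite the sequence number.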
