https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284944
Kristof Provost <k...@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |k...@freebsd.org
             Status|New                         |In Progress
           Assignee|pf@FreeBSD.org              |k...@freebsd.org

--- Comment #1 from Kristof Provost <k...@freebsd.org> ---
I can confirm that bug, and I see why it's broken. This even affects OpenBSD.

I'm testing a patch along these lines:

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index f3c9ea7a2fb1..ac4bab45ffda 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -8109,8 +8109,18 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd, nk->port[didx], 1, pd->af, nk->af); m_copyback(pd2.m, pd2.off, sizeof(uh), (c_caddr_t)&uh); - PF_ACPY(&pd->nsaddr, - &nk->addr[pd2.sidx], nk->af); + if (pd->af == AF_INET) { + struct pf_addr prefix, nsaddr; + int prefixlen = in6_mask2len( + (struct in6_addr *)&(*state)->rule->dst.addr.v.a.mask, NULL); + if (prefixlen < 32) + prefixlen = 96; + PF_ACPY(&prefix, &nk->addr[pd2.sidx], nk->af); + PF_ACPY(&nsaddr, pd->src, pd->af); + inet_nat64(AF_INET6, pd->src, &nsaddr, &prefix, + prefixlen); + PF_ACPY(&pd->nsaddr, &nsaddr, AF_INET6); + } PF_ACPY(&pd->ndaddr, &nk->addr[pd2.didx], nk->af); pd->naf = nk->af;

(Though that only fixes the issue for UDP ICMP payloads, and can stand some cleanup.)
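Review bot: The new "if (pd->af == AF_INET)" block in the patch above has no else branch, so for any other pd->af the function no longer assigns pd->nsaddr at all, while the removed lines copied nk->addr[pd2.sidx] into it unconditionally and "pd->naf = nk->af;" is still set right after the block. Keep the original PF_ACPY(&pd->nsaddr, &nk->addr[pd2.sidx], nk->af) in an else branch, or add a comment saying why the other direction needs no source rewrite. The "if (prefixlen < 32) prefixlen = 96;" fallback silently replaces any result of in6_mask2len() below 32 with 96, and a mask length above 32 that is not one a NAT64 prefix can have is passed straight to inet_nat64(); a named constant for the default and a short comment on which rules reach the fallback would make the intent reviewable. Since the change is said to cover only the UDP payload case, moving the prefix derivation and the inet_nat64() call into a small helper would let the remaining payload cases reuse it rather than repeat these ten lines.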