Module Name: src
Committed By: maxv
Date: Wed Mar 14 09:32:04 UTC 2018
Modified Files:
src/sys/net/npf: npf_sendpkt.c
Log Message:
Fix the "return-rst" rule on IPv6 packets.
The scopes needed to be set on the addresses before invoking ip6_output,
because ip6_output needs them. The reason they are not here already is
because pfil_run_hooks (in ip6_input) is called _before_ the kernel
initializes the scopes.
Until now ip6_output was always failing, and the IPv6-TCP-RST packet was
never actually sent.
Perhaps it would be better to have the kernel initialize the scopes
before invoking pfil_run_hooks, but several things will need to be fixed
in several places.
Tested with a simple TCPv6 server. Until now the client would block
waiting for an answer that never came; now it receives an RST right away
and closes the connection, as expected.
I believe that the same problem exists in the "return-icmp" rules, but I
can't investigate this right now (some problems with wireshark).
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/sys/net/npf/npf_sendpkt.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
