Page MenuHomeFreeBSD
Differential D54166

pf: handle TTL expired during nat64
ClosedPublic
Actions

Authored by kp on Wed, Dec 10, 8:04 PM.

Details

Reviewers
None
Group Reviewers
network
pfsense
Commits
rGac4fb06d096d: pf: handle TTL expired during nat64
Summary

If the TTL (or hop limit) expires during nat64 translation we may
need to send the error message in the original address family (i.e.
pre-translation).
We'd usually handle this in pf_route()/pf_route6(), but at that point we
have already translated the packet, making it difficult to include it in
the generated ICMP message.

Check for this case in pf_translate_af() and send icmp errors directly
from it.

PR: 291527
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Wed, Dec 10, 8:04 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptWed, Dec 10, 8:04 PM
kp requested review of this revision.Wed, Dec 10, 8:04 PM
Harbormaster completed remote builds in B69163: Diff 167828.Wed, Dec 10, 8:05 PM
This revision was not accepted when it landed; it landed in state Needs Review.Thu, Dec 11, 10:36 AM
Closed by commit rGac4fb06d096d: pf: handle TTL expired during nat64 (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rGac4fb06d096d: pf: handle TTL expired during nat64.

Revision Contents
Changeset List

PathSize
sys/
net/
1 line
netpfil/
pf/
25 lines
tests/
sys/
netpfil/
pf/
36 lines

Diff 167860

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...
View Options

tests/sys/netpfil/pf/nat64.py

Loading...