git: d1f4b9ffabbc - main - pf: emit ICMPv6 packet too big for route-to
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Apr 2025 19:30:42 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1 commit d1f4b9ffabbcc2c29ab83435bd73b0670818bbd1 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-04-09 12:38:39 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-04-09 19:30:17 +0000 pf: emit ICMPv6 packet too big for route-to Based on OpenBSD's ae08e5b41d6 (by sashan <sashan@openbsd.org>). We already implemented most of this (i.e. the refragmenting) but we did not send the packet-too-big error. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_norm.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index 382f876234da..2dc4553bd4f4 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -43,6 +43,7 @@ #include <net/if.h> #include <net/if_var.h> +#include <net/if_private.h> #include <net/vnet.h> #include <net/pfvar.h> #include <net/if_pflog.h> @@ -1051,7 +1052,13 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag, dst.sin6_len = sizeof(dst); dst.sin6_addr = hdr->ip6_dst; - nd6_output_ifp(rt, rt, m, &dst, NULL); + if (m->m_pkthdr.len <= if_getmtu(ifp)) { + nd6_output_ifp(rt, rt, m, &dst, NULL); + } else { + in6_ifstat_inc(ifp, ifs6_in_toobig); + icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0, + if_getmtu(ifp)); + } } else if (forward) { MPASS(m->m_pkthdr.rcvif != NULL); ip6_forward(m, 0);