Hi guys, The 'return-rst' option in ipfilter does not work for ipv6. I sent a problem report and just in case decided to send this patch here too. That option saves a lot of headache and it would be very nice to have it work properly.
The patch was originally written by Peter Postma. I edited it a little so it can be applied without problems. I am not really a code guru, so if someone could review this patch, it would be great! Thanks in advance, Andrew Konstantinov --- ip_fil.c.orig Fri Dec 6 12:45:45 2002 +++ ip_fil.c Tue Mar 25 17:05:09 2003 @@ -1937,24 +1937,24 @@ struct route_in6 ip6route; struct sockaddr_in6 *dst6; struct route_in6 *ro; - struct ifnet *ifp; + struct ifnet *ifp = (fdp != NULL) ? fdp->fd_ifp : fin->fin_ifp; frentry_t *fr; #if defined(OpenBSD) && (OpenBSD >= 200211) struct route_in6 *ro_pmtu = NULL; struct in6_addr finaldst; - ip6_t *ip6; #endif + ip6_t *ip6; u_long mtu; int error; - ifp = NULL; ro = &ip6route; + ip6 = mtod(m0, struct ip6_t *); fr = fin->fin_fr; bzero((caddr_t)ro, sizeof(*ro)); dst6 = (struct sockaddr_in6 *)&ro->ro_dst; dst6->sin6_family = AF_INET6; dst6->sin6_len = sizeof(struct sockaddr_in6); - dst6->sin6_addr = fin->fin_fi.fi_src.in6; + dst6->sin6_addr = ip6->ip6_dst; if (fdp != NULL) ifp = fdp->fd_ifp;
pgp00000.pgp
Description: PGP signature