CVSROOT: /cvs
Module name: src
Changes by: sas...@cvs.openbsd.org 2025/03/04 04:52:44
Modified files:
sys/net : pf.c
Log message:
Fix incorrect ICMP error translation in af-to NAT. In typical situation
pf uses destination address found in state for IPv6 source address
in af-to translated packet. However for ICMPv4 errors we need to
replace the least 32bits in IPv6 source address with source address
from ICMPv4 reply packet we are forwarding. This way IPv6 host
which is going to receive the error can see the reply is coming
from router on the path and not from destination. This change
enables traceroute6 behind af-to to provide meaningful information.
The issue was kindly reported by Kristof Provost (kp _vond_ freebsd _dot_ org)
Testing and feedback comes from bluhm@
OK bluhm@
