pf: cope with IPv6 gateways for an IPv4 route in nat64
Needs ReviewPublic
Actions

Authored by kp on Fri, Feb 21, 4:33 PM.

Tags

None

Referenced Files

	F110711721: D49095.id151301.diff
	Sat, Feb 22, 5:01 AM

	F110707298: D49095.diff
	Sat, Feb 22, 3:33 AM

	F110700956: D49095.id.diff
	Sat, Feb 22, 1:52 AM

	F110671519: D49095.id151301.diff
	Fri, Feb 21, 5:54 PM

	F110671010: D49095.id.diff
	Fri, Feb 21, 5:45 PM

	F110668007: D49095.diff
	Fri, Feb 21, 4:48 PM

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

None

Group Reviewers

network
pfsense

Summary

It's possible for an IPv4 next hop to be specified as an IPv6 address. This
broke pf's route lookup in pf_route(), which is required for nat64.

Handle this case just like ip_tryforward(): use the struct sockaddr from the
struct nhop_object, and mark a struct route to indicate if_output() has to use
the gateway.

Add a test case for this.

PR: 284946
Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 62565
Build 59449: arc lint + arc unit

Event Timeline

kp created this revision.Fri, Feb 21, 4:33 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptFri, Feb 21, 4:33 PM

kp requested review of this revision.Fri, Feb 21, 4:33 PM

Harbormaster completed remote builds in B62565: Diff 151301.Fri, Feb 21, 4:33 PM

While this does fix this test case it seems to break others. I’ll debug and update.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

38 lines

tests/

sys/

netpfil/

pf/

nat64.sh

62 lines

Diff 151301

View Options

sys/netpfil/pf/pf.c