return-rst does not work for ipv6 in ipfilter

Sun Oct 12 11:58:05 PDT 2003

Hi guys,

The 'return-rst' option in ipfilter does not work for ipv6. I sent a problem
report and just in case decided to send this patch here too. That option
saves a lot of headache and it would be very nice to have it work properly.

The patch was originally written by Peter Postma. I edited it a little so it
can be applied without problems. I am not really a code guru, so if someone
could review this patch, it would be great!

Thanks in advance,
Andrew Konstantinov

--- ip_fil.c.orig       Fri Dec  6 12:45:45 2002
+++ ip_fil.c    Tue Mar 25 17:05:09 2003
@@ -1937,24 +1937,24 @@
        struct route_in6 ip6route;
        struct sockaddr_in6 *dst6;
        struct route_in6 *ro;
-       struct ifnet *ifp;
+       struct ifnet *ifp = (fdp != NULL) ? fdp->fd_ifp : fin->fin_ifp;
        frentry_t *fr;
 #if defined(OpenBSD) && (OpenBSD >= 200211)
        struct route_in6 *ro_pmtu = NULL;
        struct in6_addr finaldst;
-       ip6_t *ip6;
 #endif
+       ip6_t *ip6;
        u_long mtu;
        int error;

-       ifp = NULL;
        ro = &ip6route;
+       ip6 = mtod(m0, struct ip6_t *);
        fr = fin->fin_fr;
        bzero((caddr_t)ro, sizeof(*ro));
        dst6 = (struct sockaddr_in6 *)&ro->ro_dst;
        dst6->sin6_family = AF_INET6;
        dst6->sin6_len = sizeof(struct sockaddr_in6);
-       dst6->sin6_addr = fin->fin_fi.fi_src.in6;
+       dst6->sin6_addr = ip6->ip6_dst;

        if (fdp != NULL)
                ifp = fdp->fd_ifp;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20031012/28cbb66c/attachment.bin
