From nobody Thu Mar 16 10:01:25 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PcjTK6LFwz3yf5X; Thu, 16 Mar 2023 10:01:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PcjTK5p2Bz45DM; Thu, 16 Mar 2023 10:01:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678960885; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=G4hrmuGyRwYVEit0jv7b5bax1xmni62JWdKBQva8NNE=; b=C0I8/nP/1H43dz3jbkeT5mx1KV5wtDMPGwiKMbGzJQ7yaCPuPMinv0ZHDMvS/nKyIWlRdz IcnneGzDPl+pAaoNgFmiciga1hC+xahwQYhfUCrldt9Pb2M3Ard9BvXcxeTGS8bkpqsUnu sOvQxrHmBnDI8bZFzucvH8GFtddFpXs3qs+w8CokybLUv6I5XvVFkONCeVI4N1R5/qWpOW YarSmNPsLv84ZrJxpqLpJp8JJHvsQUtboHRi7pFoPxMWV1EspvionF8ctp0H7QGSplYhyF +y/hEVGcW5TJpy7LcoUK//luQ+ehkr3//V++Im2lL35FnXKd+mOecKy88AeAHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678960885; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=G4hrmuGyRwYVEit0jv7b5bax1xmni62JWdKBQva8NNE=; b=OzO02XtE7PTQPwIymQFyxsPiEQcgOTYtuwzIQUwy8wEHkRFtJQes6II4jOT5n2NjzfGjeQ ZVcsXzR5LoYGmi8NaOwMrGZ4UXduSqcEYgPdL4s0JmMYjCfoXRmJxjA3MD35ALa5rGF43J YQ/9X7yJHOgj9WnQLh2D0ixEzVC3uCrUOdVyEUp1eX5+5bPgUcHW7kBty59+678/UAKWIF i8XBkNCKC2qILwPLwk2FGOsgLcaYUMSHa/v1uO4B8hbw3GyvYcsH4PQm41CiPYX1uPCUFV IyKMc4o8fytPlWWXZ57E1fPFWMPFLaexX1ixtprxXuu8ooGC0qRz940HcilFlw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1678960885; a=rsa-sha256; cv=none; b=J9Wu0rwIbzVXO40m9snldpHiOQYv129Tcwka5D2PBSQKYLN6BXL3Xl1n+xxUuOdeeL7cU5 /4TryiFODPk2Qwr+XaS0uDPgGxuufM0EmXrWzVjJgPARST1+fmTapOn+8TYoI3xuzSnCkj dJh+MgkIXOTZuVMjsDiw7pjq6QYDAwvOLfxjtK+EmVzGKUnZ+Gz/0sgELC9SsFQKWJJNVY tP6Qx6tvLgr4bDb6FGm7zUB5XQth+TissopcfQ1GEjlpo3ZewG4KHujiACTSBGH76deEbG 6QrC0Ol4RLu1AVIOZGsgkaUlnDaIbdLRX9u5Fqr5RcBu6QPefLWHFCpC29hZKw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PcjTK46DJzfFk; Thu, 16 Mar 2023 10:01:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32GA1PvI062725; Thu, 16 Mar 2023 10:01:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32GA1PB0062724; Thu, 16 Mar 2023 10:01:25 GMT (envelope-from git) Date: Thu, 16 Mar 2023 10:01:25 GMT Message-Id: <202303161001.32GA1PB0062724@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 80e76c61ccc4 - main - pf: set scope in pf_refragment6() List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 80e76c61ccc47651ca1be34b912d53536db34e6f Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=80e76c61ccc47651ca1be34b912d53536db34e6f commit 80e76c61ccc47651ca1be34b912d53536db34e6f Author: Kristof Provost AuthorDate: 2023-03-13 09:27:59 +0000 Commit: Kristof Provost CommitDate: 2023-03-16 09:59:04 +0000 pf: set scope in pf_refragment6() Link-local traffic needs to have a scope embedded before it's passed on to ip6_output(). Do so in pf_refragment6(), because when we end up here in the output path we may have passed through ip6_output() already (before being reassembled), where the scope would have been removed. Re-embed the scope so that link-local traffic is sent correctly. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D39062 --- sys/netpfil/pf/pf_norm.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c index bc5f6d38a2bf..8d36e72d71b2 100644 --- a/sys/netpfil/pf/pf_norm.c +++ b/sys/netpfil/pf/pf_norm.c @@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -946,6 +947,7 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag, bool forward) { struct mbuf *m = *m0, *t; + struct ip6_hdr *hdr; struct pf_fragment_tag *ftag = (struct pf_fragment_tag *)(mtag + 1); struct pf_pdesc pd; uint32_t frag_id; @@ -972,13 +974,17 @@ pf_refragment6(struct ifnet *ifp, struct mbuf **m0, struct m_tag *mtag, *(mtod(m, char *) + off) = IPPROTO_FRAGMENT; m = *m0; } else { - struct ip6_hdr *hdr; - hdr = mtod(m, struct ip6_hdr *); proto = hdr->ip6_nxt; hdr->ip6_nxt = IPPROTO_FRAGMENT; } + /* In case of link-local traffic we'll need a scope set. */ + hdr = mtod(m, struct ip6_hdr *); + + in6_setscope(&hdr->ip6_src, ifp, NULL); + in6_setscope(&hdr->ip6_dst, ifp, NULL); + /* The MTU must be a multiple of 8 bytes, or we risk doing the * fragmentation wrong. */ maxlen = maxlen & ~7;