From nobody Wed Mar 05 09:38:13 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Z76tG03SGz5pWL7;
	Wed, 05 Mar 2025 09:38:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Z76tF4QpRz41Bs;
	Wed, 05 Mar 2025 09:38:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1741167493;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=A1KUxfj56igzWL1WGEZ8ZoXd2p8gew80eyXiu6GEVAI=;
	b=cW5JbZ2uMt29kbib2ajuohcuVlNQDfmMdSXCTTi79Firl09kO6C/DjSn0JOaQ4CzbEHIPF
	QjRkNsJuqa/7O4pQXWTA3D2hFTTRRciiXUJV++p9SdwQwLQpVu0EVif+8zxPpf73q+Wt58
	HKUb92csw+tWspv6qhvvDvUapcApNnFRiFSm8y//GKaPttJx6yAi0tL+Gtnaey2yQGUZd/
	J+ZweC6WQnnjJVlMEgNzUlhdNjCL8k6M+eZdLOrg16aJR4mmbSv6FTWweJT4pFkHDC1n9I
	7uNdc03Z80Py9PWrdSPzaW6GfuMoaKBxrvp+JrsZu1Q2Ne3DAK2Rc2mE9QU7YQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1741167493; a=rsa-sha256; cv=none;
	b=heas8hyHXmbi2XAxh85ah/uSxvJAukZGlimfY5Mp7TuNjxhJswwjr8yS8fZdh3eCzRgfn9
	haWKHA9oUoPH+9I9/bEQFapkVf/DL9MKY3GBkIKAit4ip8mkoHOX4Js8hbzLXeBckHl9IO
	x54VmsEWUToBUPSSeArPuJBGp8cddPDAOwcD0FWwJBl5vxiXaCrp/OYeehadyh9rQ5lNof
	7VQoj4mIAPJhYoIO/RrxPlJ3rL0uzRgl9HCrqu/lSoH4BzEtlWrHgxED9uKuJF0uKd/aav
	dIECHtCto5uwvTxVOboLDqA2EcoGl5/A+rypjb0YJ0SkFhtZ+rChLm65G2UT9g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1741167493;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=A1KUxfj56igzWL1WGEZ8ZoXd2p8gew80eyXiu6GEVAI=;
	b=QCG0IlJ0eQOy4ApKo8iMp22DnFF6MyL5SUIN3Hhr7Skj/pqa8/BiTrvHrxJe6o3BxLYeSZ
	2zXf+ClufFWmn2BkHl35JFoIhktxINSWs8M/jP8GsOu2CpP1nKiOXyZ84y8jec1YkRFIo/
	1xq5/2mBn7JWBkKgWlZG4KvfzM2yyVw3MUr2u/BmiK++aM673fKMlLOzbUE9t8BS10wEUr
	dJUL3YMUROyWxlpEgNJaFTfyTlHPVg8lvifzh5CL0UUg1Fb15rF5q3EM1jIXxSl67Bu19c
	ZhlChbLpSWeS54N3ma0bK7YsSkdkMQub0DQjXRdMyFLBhITlwJqNvzZuXNy1EA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Z76tF3SVCzycw;
	Wed, 05 Mar 2025 09:38:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5259cDKm053624;
	Wed, 5 Mar 2025 09:38:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5259cDVC053621;
	Wed, 5 Mar 2025 09:38:13 GMT
	(envelope-from git)
Date: Wed, 5 Mar 2025 09:38:13 GMT
Message-Id: <202503050938.5259cDVC053621@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 6e7f24e0a526 - main - pf: fix nat64 ICMP translation
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 6e7f24e0a5262d7e040f4f6e9167c544e006176d
Auto-Submitted: auto-generated

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=6e7f24e0a5262d7e040f4f6e9167c544e006176d

commit 6e7f24e0a5262d7e040f4f6e9167c544e006176d
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-04 13:51:09 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-03-05 09:37:57 +0000

    pf: fix nat64 ICMP translation
    
    Fix more incorrect use of the iih pointer, this time causing corruption in nat64
    translated ICMP error messages.
    Extend the relevant test case to catch this bug.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D49231
---
 sys/netpfil/pf/pf.c           | 4 ++--
 tests/sys/netpfil/pf/nat64.py | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 2b28474f36c6..3bf7e0e2077c 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8452,7 +8452,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 					    nk->port[iidx] != iih->icmp_id)
 						iih->icmp_id = nk->port[iidx];
 					m_copyback(pd2.m, pd2.off, ICMP_MINLEN,
-					    (c_caddr_t)&iih);
+					    (c_caddr_t)iih);
 					PF_ACPY(&pd->nsaddr,
 					    &nk->addr[pd2.sidx], nk->af);
 					PF_ACPY(&pd->ndaddr,
@@ -8579,7 +8579,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 					    nk->port[iidx] != iih->icmp6_id)
 						iih->icmp6_id = nk->port[iidx];
 					m_copyback(pd2.m, pd2.off,
-					    sizeof(struct icmp6_hdr), (c_caddr_t)&iih);
+					    sizeof(struct icmp6_hdr), (c_caddr_t)iih);
 					PF_ACPY(&pd->nsaddr,
 					    &nk->addr[pd2.sidx], nk->af);
 					PF_ACPY(&pd->ndaddr,
diff --git a/tests/sys/netpfil/pf/nat64.py b/tests/sys/netpfil/pf/nat64.py
index 42ab29a5aa0a..e64b7bbd573b 100644
--- a/tests/sys/netpfil/pf/nat64.py
+++ b/tests/sys/netpfil/pf/nat64.py
@@ -238,7 +238,7 @@ class TestNAT64(VnetTestTemplate):
             ip = reply.getlayer(sp.IPv6)
             assert icmp
             assert ip.src == "64:ff9b::c000:202"
-            return
+            return reply
 
         # If we don't find the packet we expect to see
         assert False
@@ -282,4 +282,6 @@ class TestNAT64(VnetTestTemplate):
 
         packet = sp.IPv6(dst="64:ff9b::198.51.100.2", hlim=1) \
             / sp.ICMPv6EchoRequest() / sp.Raw("foo")
-        self.common_test_source_addr(packet)
+        reply = self.common_test_source_addr(packet)
+        icmp = reply.getlayer(sp.ICMPv6EchoRequest)
+        assert icmp