Attachment #187264 for bug #222705




	return (0);
}

static int
map_icmp_unreach(int code)
{

	/* RFC 7915 p4.2 */
	switch (code) {
	case ICMP_UNREACH_NET:
	case ICMP_UNREACH_HOST:
	case ICMP_UNREACH_SRCFAIL:
	case ICMP_UNREACH_NET_UNKNOWN:
	case ICMP_UNREACH_HOST_UNKNOWN:
	case ICMP_UNREACH_TOSNET:
	case ICMP_UNREACH_TOSHOST:
		return (ICMP6_DST_UNREACH_NOROUTE);
	case ICMP_UNREACH_PORT:
		return (ICMP6_DST_UNREACH_NOPORT);
	default:
		/*
		 * Map the rest of codes into admit prohibited.
		 * XXX: unreach proto should be mapped into ICMPv6
		 * parameter problem, but we use only unreach type.
		 */
		return (ICMP6_DST_UNREACH_ADMIN);
	}
}

static void
send_reject6(struct ip_fw_args *args, int code, u_int hlen, struct ip6_hdr *ip6)
{

				    (proto != IPPROTO_ICMPV6 ||
				     (is_icmp6_query(icmp6_type) == 1)) &&
				    !(m->m_flags & (M_BCAST|M_MCAST)) &&
				    !IN6_IS_ADDR_MULTICAST(
					&args->f_id.dst_ip6)) {
					send_reject6(args,
					    cmd->opcode == O_REJECT ?
					    map_icmp_unreach(cmd->arg1):
					    cmd->arg1, hlen,
					    (struct ip6_hdr *)ip);
					m = args->m;
				}

Return to bug 222705

Lines 562-567 is_icmp6_query(int icmp6_type) Link Here

(-)ip_fw2.c (-3 / +32 lines)
562	return (0);	562	return (0);
563	}	563	}
564		564
		565	static int
		566	map_icmp_unreach(int code)
		567	{
		568
		569	/* RFC 7915 p4.2 */
		570	switch (code) {
		571	case ICMP_UNREACH_NET:
		572	case ICMP_UNREACH_HOST:
		573	case ICMP_UNREACH_SRCFAIL:
		574	case ICMP_UNREACH_NET_UNKNOWN:
		575	case ICMP_UNREACH_HOST_UNKNOWN:
		576	case ICMP_UNREACH_TOSNET:
		577	case ICMP_UNREACH_TOSHOST:
		578	return (ICMP6_DST_UNREACH_NOROUTE);
		579	case ICMP_UNREACH_PORT:
		580	return (ICMP6_DST_UNREACH_NOPORT);
		581	default:
		582	/*
		583	* Map the rest of codes into admit prohibited.
		584	* XXX: unreach proto should be mapped into ICMPv6
		585	* parameter problem, but we use only unreach type.
		586	*/
		587	return (ICMP6_DST_UNREACH_ADMIN);
		588	}
		589	}
		590
565	static void	591	static void
566	send_reject6(struct ip_fw_args args, int code, u_int hlen, struct ip6_hdr ip6)	592	send_reject6(struct ip_fw_args args, int code, u_int hlen, struct ip6_hdr ip6)
567	{	593	{
Lines 2401-2409 do { \ Link Here
2401	(proto != IPPROTO_ICMPV6 \|\|	2427	(proto != IPPROTO_ICMPV6 \|\|
2402	(is_icmp6_query(icmp6_type) == 1)) &&	2428	(is_icmp6_query(icmp6_type) == 1)) &&
2403	!(m->m_flags & (M_BCAST\|M_MCAST)) &&	2429	!(m->m_flags & (M_BCAST\|M_MCAST)) &&
2404	!IN6_IS_ADDR_MULTICAST(&args->f_id.dst_ip6)) {	2430	!IN6_IS_ADDR_MULTICAST(
2405	send_reject6(	2431	&args->f_id.dst_ip6)) {
2406	args, cmd->arg1, hlen,	2432	send_reject6(args,
		2433	cmd->opcode == O_REJECT ?
		2434	map_icmp_unreach(cmd->arg1):
		2435	cmd->arg1, hlen,
2407	(struct ip6_hdr *)ip);	2436	(struct ip6_hdr *)ip);
2408	m = args->m;	2437	m = args->m;
2409	}	2438	}