| created | 2025-03-06T06:43:59Z |
|---|---|
| begin | 2025-03-04T01:13:37Z |
| end | 2025-03-04T11:52:44Z |
| path | src/sys |
| commits | 1 |
| date | 2025-03-04T11:52:44Z | |||
|---|---|---|---|---|
| author | sashan | |||
| files | src/sys/net/pf.c | log | diff | annotate |
| message |
Fix incorrect ICMP error translation in af-to NAT. In typical situation pf uses destination address found in state for IPv6 source address in af-to translated packet. However for ICMPv4 errors we need to replace the least 32bits in IPv6 source address with source address from ICMPv4 reply packet we are forwarding. This way IPv6 host which is going to receive the error can see the reply is coming from router on the path and not from destination. This change enables traceroute6 behind af-to to provide meaningful information. The issue was kindly reported by Kristof Provost (kp _vond_ freebsd _dot_ org) Testing and feedback comes from bluhm@ OK bluhm@ |
|||