Attempt to improve feature parity between UDPv4 and UDPv6 by merging

UDPv4 features to UDPv6:

- Add MAC checks on delivery and MAC labeling on transmit.
- Check for (and reject) datagrams with destination port 0.
- For multicast delivery, check the source port only if the socket being
  considered as a destination has been connected.
- Implement UDP blackholing based on net.inet.udp.blackhole.
- Add a new ICMPv6 unreachable reply rate limiting category for failed
  delivery attempts and implement rate limiting for UDPv6 (submitted by
  bz).

Approved by:	re (kensmith)
Reviewed by:	bz

2 files changed, 4 insertions, 2 deletions

diff --git a/sys/netinet/icmp_var.h b/sys/netinet/icmp_var.h
index f7bfa8b..dda84f2 100644
--- a/sys/netinet/icmp_var.h
+++ b/sys/netinet/icmp_var.h
@@ -82,7 +82,8 @@ extern int badport_bandlim(int);
 #define BANDLIM_ICMP_TSTAMP 2
 #define BANDLIM_RST_CLOSEDPORT 3 /* No connection, and no listeners */
 #define BANDLIM_RST_OPENPORT 4   /* No connection, listener */
-#define BANDLIM_MAX 4
+#define BANDLIM_ICMP6_UNREACH 5
+#define BANDLIM_MAX 5
 #endif
 
 #endif
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index b330699..36cc020 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -888,7 +888,8 @@ badport_bandlim(int which)
 		{ "icmp ping response" },
 		{ "icmp tstamp response" },
 		{ "closed port RST response" },
-		{ "open port RST response" }
+		{ "open port RST response" },
+		{ "icmp6 unreach response" }
 	};
 
 	/*