pf: Fix rule evaluation after inet6 route-to

In pf_route6() we re-run the ruleset with PF_FWD if the packet goes out of a different interface. pf_test6() needs to know that the packet was forwarded (in case it needs to refragment so it knows whether to call ip6_output() or ip6_forward()). This lead pf_test6() to try to evaluate rules against the PF_FWD direction, which isn't supported, so it needs to treat PF_FWD as PF_OUT. Once fwdir is set correctly the correct output/forward function will be called. PR: 217883 Submitted by: Kajetan Staszkiewicz MFC after: 1 week Sponsored by: InnoGames GmbH
2017-03-19 03:06:09 +00:00 · 2017-03-19 03:06:09 +00:00 · 08ef4ddb0f
commit 08ef4ddb0f
parent 2e17a50f83
1 changed files with 3 additions and 0 deletions
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@ -6245,6 +6245,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 	    m->m_pkthdr.rcvif->if_bridge != ifp->if_bridge)))
 		fwdir = PF_FWD;

+	if (dir == PF_FWD)
+		dir = PF_OUT;
+
 	if (!V_pf_status.running)
 		return (PF_PASS);