From 9e3a82aacc8c031e76f2432575ec9887d35d0d98 Mon Sep 17 00:00:00 2001 From: mlaier Date: Wed, 6 Sep 2006 17:19:45 +0000 Subject: [PATCH] Fix stateful filtering of loopback IPv6 traffic to an address not configured on lo0. While here fix a comment. PR: kern/102647 Reported by: Frank Steinborn Submitted by: suz (earlier version) MFC after: 3 days --- sys/contrib/pf/net/pf_ioctl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c index 715b5410698b..268111222e8f 100644 --- a/sys/contrib/pf/net/pf_ioctl.c +++ b/sys/contrib/pf/net/pf_ioctl.c @@ -3438,11 +3438,17 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { /* - * IPv6 does not affected ip_len/ip_off byte order changes. + * IPv6 is not affected by ip_len/ip_off byte order changes. */ int chk; - chk = pf_test6(PF_IN, ifp, m, NULL, inp); + /* + * In case of loopback traffic IPv6 uses the real interface in + * order to support scoped addresses. In order to support stateful + * filtering we have change this to lo0 as it is the case in IPv4. + */ + chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? &loif[0] : ifp, m, + NULL, inp); if (chk && *m) { m_freem(*m); *m = NULL;