MFC: pf_ioctl.c, 1.26

Fix stateful filtering of loopback IPv6 traffic to an address not configured on lo0. While here fix a comment. PR: kern/102647 Reported by: Frank Steinborn Submitted by: suz (earlier version)
2006-09-09 00:50:25 +00:00 · 2006-09-09 00:50:25 +00:00 · b04f4baadd
commit b04f4baadd
parent 291ebd465b
1 changed files with 8 additions and 2 deletions
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@ -3416,11 +3416,17 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
    struct inpcb *inp)
 {
 	/*
-	 * IPv6 does not affected ip_len/ip_off byte order changes.
+	 * IPv6 is not affected by ip_len/ip_off byte order changes.
 	 */
 	int chk;

-	chk = pf_test6(PF_IN, ifp, m, NULL, inp);
+	/*
+	 * In case of loopback traffic IPv6 uses the real interface in
+	 * order to support scoped addresses. In order to support stateful
+	 * filtering we have change this to lo0 as it is the case in IPv4.
+	 */
+	chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? &loif[0] : ifp, m,
+	    NULL, inp);
 	if (chk && *m) {
 		m_freem(*m);
 		*m = NULL;