diff options
author | ae <ae@FreeBSD.org> | 2014-10-07 13:31:04 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2014-10-07 13:31:04 +0000 |
commit | ea6fd7eaaf413e0f30b10ba5b9cd0846185e7400 (patch) | |
tree | 4a24597ef162933663e4ae438ad0ea0936c1d07e | |
parent | 2c5c8aef3534672947d09f90fee1721dc35b63e7 (diff) | |
download | FreeBSD-src-ea6fd7eaaf413e0f30b10ba5b9cd0846185e7400.zip FreeBSD-src-ea6fd7eaaf413e0f30b10ba5b9cd0846185e7400.tar.gz |
Our packet filters use mbuf's rcvif pointer to determine incoming interface.
Change mbuf's rcvif to enc0 and restore it after pfil processing.
PR: 110959
Sponsored by: Yandex LLC
-rw-r--r-- | sys/net/if_enc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c index fc78769..b43b7d2 100644 --- a/sys/net/if_enc.c +++ b/sys/net/if_enc.c @@ -230,6 +230,7 @@ ipsec_filter(struct mbuf **mp, int dir, int flags) { int error, i; struct ip *ip; + struct ifnet *rcvif; KASSERT(encif != NULL, ("%s: encif is null", __func__)); KASSERT(flags & (ENC_IN|ENC_OUT), @@ -268,6 +269,8 @@ ipsec_filter(struct mbuf **mp, int dir, int flags) } error = 0; + rcvif = (*mp)->m_pkthdr.rcvif; + (*mp)->m_pkthdr.rcvif = encif; ip = mtod(*mp, struct ip *); switch (ip->ip_v) { #ifdef INET @@ -298,6 +301,7 @@ ipsec_filter(struct mbuf **mp, int dir, int flags) if (error != 0) goto bad; + (*mp)->m_pkthdr.rcvif = rcvif; return (error); bad: |