diff options
author | mlaier <mlaier@FreeBSD.org> | 2006-09-06 17:19:45 +0000 |
---|---|---|
committer | mlaier <mlaier@FreeBSD.org> | 2006-09-06 17:19:45 +0000 |
commit | 9e3a82aacc8c031e76f2432575ec9887d35d0d98 (patch) | |
tree | daa706b3ef77ebe2d8ae66149c66fd2b16f73f3e /sys/contrib | |
parent | f044a1949bf52ae215c04b5885db0a0fa58680cf (diff) | |
download | FreeBSD-src-9e3a82aacc8c031e76f2432575ec9887d35d0d98.zip FreeBSD-src-9e3a82aacc8c031e76f2432575ec9887d35d0d98.tar.gz |
Fix stateful filtering of loopback IPv6 traffic to an address not configured
on lo0. While here fix a comment.
PR: kern/102647
Reported by: Frank Steinborn
Submitted by: suz (earlier version)
MFC after: 3 days
Diffstat (limited to 'sys/contrib')
-rw-r--r-- | sys/contrib/pf/net/pf_ioctl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c index 715b541..2681112 100644 --- a/sys/contrib/pf/net/pf_ioctl.c +++ b/sys/contrib/pf/net/pf_ioctl.c @@ -3438,11 +3438,17 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { /* - * IPv6 does not affected ip_len/ip_off byte order changes. + * IPv6 is not affected by ip_len/ip_off byte order changes. */ int chk; - chk = pf_test6(PF_IN, ifp, m, NULL, inp); + /* + * In case of loopback traffic IPv6 uses the real interface in + * order to support scoped addresses. In order to support stateful + * filtering we have change this to lo0 as it is the case in IPv4. + */ + chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? &loif[0] : ifp, m, + NULL, inp); if (chk && *m) { m_freem(*m); *m = NULL; |