diff options
| author | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:25 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2015-08-17 13:53:25 -0300 |
| commit | 82d9a61826c3715d08fc9e88c750d4f368bec1fb (patch) | |
| tree | 3aefae4bfe888dd69e6d70f501f1dc6eb2b67529 /sys/netpfil | |
| parent | 7299f9b9c2de27afbc6b0663f4dd738e93319fe8 (diff) | |
| download | FreeBSD-src-82d9a61826c3715d08fc9e88c750d4f368bec1fb.zip FreeBSD-src-82d9a61826c3715d08fc9e88c750d4f368bec1fb.tar.gz | |
Importing pfSense patch pf_reply-to.enahnce.diff
Diffstat (limited to 'sys/netpfil')
| -rw-r--r-- | sys/netpfil/pf/pf.c | 18 | ||||
| -rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 6 |
2 files changed, 16 insertions, 8 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index a370958..cbbd6e1 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -335,9 +335,7 @@ do { \ } \ if ((d) == PF_OUT && \ (((s)->rule.ptr->rt == PF_ROUTETO && \ - (s)->rule.ptr->direction == PF_OUT) || \ - ((s)->rule.ptr->rt == PF_REPLYTO && \ - (s)->rule.ptr->direction == PF_IN)) && \ + (s)->rule.ptr->direction == PF_OUT)) && \ (s)->rt_kif != NULL && \ (s)->rt_kif != (i)) \ return (PF_PASS); \ @@ -5703,7 +5701,12 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, else if (r->rt == PF_ROUTETO && r->direction == dir && in_localip(ip->ip_dst)) return; - if (oifp != ifp) { + if (s != NULL && r->rt == PF_REPLYTO) { + /* + * Send it out since it came from state recorded ifp(rt_addr). + * Routing table lookup might have chosen not correct interface! + */ + } else if (oifp != ifp) { if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address list?! */ return; @@ -5943,7 +5946,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, } else if (r->rt == PF_ROUTETO && r->direction == dir && in6_localaddr(&ip6->ip6_dst)) return; - if (oifp != ifp) { + if (s != NULL && r->rt == PF_REPLYTO) { + /* + * Send it out since it came from state recorded ifp(rt_addr). + * Routing table lookup might have chosen not correct interface! + */ + } else if (oifp != ifp) { if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL && r->direction == PF_OUT && r->direction == dir && pd->pf_mtag->routed < 2) { diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 5fb70c0..bb8c15e 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -3636,9 +3636,9 @@ pf_check_out(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, int chk; /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */ - if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { - in_delayed_cksum(*m); - (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; + if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { + in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), sizeof(struct ip6_hdr)); + (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; } chk = pf_test(PF_OUT, ifp, m, inp); |
