diff options
| -rw-r--r-- | sys/contrib/pf/net/pf_ioctl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c index 715b541..2681112 100644 --- a/sys/contrib/pf/net/pf_ioctl.c +++ b/sys/contrib/pf/net/pf_ioctl.c @@ -3438,11 +3438,17 @@ pf_check6_in(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) { /* - * IPv6 does not affected ip_len/ip_off byte order changes. + * IPv6 is not affected by ip_len/ip_off byte order changes. */ int chk; - chk = pf_test6(PF_IN, ifp, m, NULL, inp); + /* + * In case of loopback traffic IPv6 uses the real interface in + * order to support scoped addresses. In order to support stateful + * filtering we have change this to lo0 as it is the case in IPv4. + */ + chk = pf_test6(PF_IN, (*m)->m_flags & M_LOOP ? &loif[0] : ifp, m, + NULL, inp); if (chk && *m) { m_freem(*m); *m = NULL; |
