From 59e5a700b1e4de81862182bd63cf0ce0e81172d1 Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Mon, 25 Aug 2014 15:48:28 +0000
Subject: Merge 270010 from head:   Fix synproxy with IPv6. pf_test6() was
 missing a check for M_SKIP_FIREWALL.

  PR:           127920
  Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
  Sponsored by: InnoGames GmbH
---
 sys/netpfil/pf/pf.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 3a087df..a3442ea 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6069,6 +6069,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 	if (kif->pfik_flags & PFI_IFLAG_SKIP)
 		return (PF_PASS);
 
+	if (m->m_flags & M_SKIP_FIREWALL)
+		return (PF_PASS);
+
 	PF_RULES_RLOCK();
 
 	/* We do IP header normalization and packet reassembly here */
-- 
cgit v1.1