pf: Fix forwarding detection
ClosedPublic
Actions

Authored by kp on Apr 13 2015, 8:16 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, May 29, 9:10 AM

	Unknown Object (File)
	May 8 2026, 3:34 AM

	Unknown Object (File)
	Apr 6 2026, 2:55 AM

	Unknown Object (File)
	Apr 3 2026, 3:40 PM

	Unknown Object (File)
	Mar 27 2026, 8:38 AM

	Unknown Object (File)
	Mar 24 2026, 3:51 AM

	Unknown Object (File)
	Mar 23 2026, 11:41 PM

	Unknown Object (File)
	Mar 6 2026, 6:20 AM

View All 85 Files

Subscribers

None

Details

Reviewers

peter
philip
gnn

Summary

If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound
packets, causing panics.

Equally, we need to ensure that packets were really received (so rcvif is not NULL)
and not locally generated before trying to ip6_forward() them.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kp updated this revision to Diff 4808.Apr 13 2015, 8:16 PM

kp retitled this revision from to pf: Fix forwarding detection.

kp updated this object.

kp edited the test plan for this revision. (Show Details)

kp added reviewers: gnn, philip, peter.

kp set the repository for this revision to rS FreeBSD src repository - subversion.

gnn accepted this revision.Apr 13 2015, 8:37 PM

gnn edited edge metadata.

This revision is now accepted and ready to land.Apr 13 2015, 8:37 PM

Committed as r281536.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

2 lines

Diff 4808

View Options

pf: Fix forwarding detectionClosedPublicActions