pf: Fix forwarding detection
ClosedPublic
Actions

Authored by kp on Apr 13 2015, 8:16 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sep 9 2025, 9:14 AM

	Unknown Object (File)
	Sep 9 2025, 2:27 AM

	Unknown Object (File)
	Sep 9 2025, 2:12 AM

	Unknown Object (File)
	Sep 8 2025, 10:17 PM

	Unknown Object (File)
	Sep 8 2025, 8:37 PM

	Unknown Object (File)
	Sep 8 2025, 7:20 PM

	Unknown Object (File)
	Sep 7 2025, 12:28 AM

	Unknown Object (File)
	Sep 5 2025, 5:47 AM

View All 67 Files

Subscribers

None

Details

Reviewers

peter
philip
gnn

Summary

If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound
packets, causing panics.

Equally, we need to ensure that packets were really received (so rcvif is not NULL)
and not locally generated before trying to ip6_forward() them.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kp updated this revision to Diff 4808.Apr 13 2015, 8:16 PM

kp retitled this revision from to pf: Fix forwarding detection.

kp updated this object.

kp edited the test plan for this revision. (Show Details)

kp added reviewers: gnn, philip, peter.

kp set the repository for this revision to rS FreeBSD src repository - subversion.

gnn accepted this revision.Apr 13 2015, 8:37 PM

gnn edited edge metadata.

This revision is now accepted and ready to land.Apr 13 2015, 8:37 PM

Committed as r281536.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

2 lines

Diff 4808

View Options

pf: Fix forwarding detectionClosedPublicActions