pf: Fix forwarding detection
ClosedPublic
Actions

Authored by kp on Apr 13 2015, 8:16 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Aug 1, 9:54 PM

	Unknown Object (File)
	Sun, Jul 13, 4:01 AM

	Unknown Object (File)
	Jul 7 2025, 9:57 AM

	Unknown Object (File)
	Jul 5 2025, 10:39 PM

	Unknown Object (File)
	Jun 28 2025, 4:19 PM

	Unknown Object (File)
	Jun 26 2025, 4:46 PM

	Unknown Object (File)
	Jun 25 2025, 4:39 AM

	Unknown Object (File)
	Jun 22 2025, 3:31 AM

View All 58 Files

Subscribers

None

Details

Reviewers

peter
philip
gnn

Summary

If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound
packets, causing panics.

Equally, we need to ensure that packets were really received (so rcvif is not NULL)
and not locally generated before trying to ip6_forward() them.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kp updated this revision to Diff 4808.Apr 13 2015, 8:16 PM

kp retitled this revision from to pf: Fix forwarding detection.

kp updated this object.

kp edited the test plan for this revision. (Show Details)

kp added reviewers: gnn, philip, peter.

kp set the repository for this revision to rS FreeBSD src repository - subversion.

gnn accepted this revision.Apr 13 2015, 8:37 PM

gnn edited edge metadata.

This revision is now accepted and ready to land.Apr 13 2015, 8:37 PM

Committed as r281536.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

2 lines

Diff 4808

View Options

pf: Fix forwarding detectionClosedPublicActions