pf: distinguish forwarding and output cases for pf_refragment6()
Needs ReviewPublic
Actions

Authored by kp on Mar 13 2023, 5:19 PM.

Details

Reviewers

None

Group Reviewers

network
pfsense

Summary

Re-introduce PFIL_FWD, because pf's pf_refragment6() needs to know if
we're ip6_forward()-ing or ip6_output()-ing.

ip6_forward() relies on m->m_pkthdr.rcvif, at least for link-local
traffic (for in6_get_unicast_scopeid()). rcvif is not set for locally
generated traffic (e.g. from icmp6_reflect()), so we need to call the
correct output function.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 50354
Build 47246: arc lint + arc unit

Event Timeline

kp created this revision.Mar 13 2023, 5:19 PM

Herald added subscribers: glebius, melifaro, farrokhi and 2 others. · View Herald TranscriptMar 13 2023, 5:19 PM

kp requested review of this revision.Mar 13 2023, 5:19 PM

Harbormaster completed remote builds in B50328: Diff 118753.Mar 13 2023, 5:19 PM

kp added a child revision: D39062: pf: set scope in pf_refragment6().Mar 13 2023, 5:19 PM

glebius added inline comments.Mar 13 2023, 7:44 PM

sys/net/pfil.c
204–205	This somewhat relaxes the old assertion. I think it is still important to protect against dumb case of two directions. Maybe add two assertions?
sys/netpfil/pf/pf.c
7956	action = pf_refragment6(ifp, m0, mtag, pflags & PFIL_FWD);
sys/netpfil/pf/pf_norm.c
47	This won't be needed if using bool argument.
945–946	I'd suggest to use bool forward here instead of int pflags, but it is up to you.
1016–1017	Style: should be one line