D38586.id117191.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D38586.id117191.diff
View Options

	diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
	--- a/sys/netpfil/pf/if_pfsync.c
	+++ b/sys/netpfil/pf/if_pfsync.c
	@@ -103,6 +103,8 @@
	#include <netinet/tcp_fsm.h>
	#include <netinet/tcp_seq.h>

	+#include <netinet6/ip6_var.h>
	+
	#include <netpfil/pf/pfsync_nv.h>

	struct pfsync_bucket;
	@@ -2333,7 +2335,8 @@
	struct pfsync_softc *sc = arg;
	struct pfsync_bucket *b;
	struct mbuf m, n;
	- int c, error;
	+ struct ip *ip;
	+ int c, error, af;

	NET_EPOCH_ENTER(et);
	CURVNET_SET(sc->sc_ifp->if_vnet);
	@@ -2353,12 +2356,15 @@
	n = m->m_nextpkt;
	m->m_nextpkt = NULL;

	+ ip = mtod(m, struct ip *);
	+ af = ip->ip_v == IPVERSION ? AF_INET : AF_INET6;
	+
	/*
	* We distinguish between a deferral packet and our
	* own pfsync packet based on M_SKIP_FIREWALL
	* flag. This is XXX.
	*/
	- switch (sc->sc_sync_peer.ss_family) {
	+ switch (af) {
	#ifdef INET
	case AF_INET:
	if (m->m_flags & M_SKIP_FIREWALL) {
	@@ -2369,6 +2375,19 @@
	IP_RAWOUTPUT, &sc->sc_imo, NULL);
	}
	break;
	+#endif
	+#ifdef INET6
	+ case AF_INET6:
	+ if (m->m_flags & M_SKIP_FIREWALL) {
	+ error = ip6_output(m, NULL, NULL, 0,
	+ NULL, NULL, NULL);
	+ } else {
	+ MPASS(false);
	+ /* We don't support pfsync over IPv6. */
	+ /*error = ip6_output(m, NULL, NULL,
	+ IP_RAWOUTPUT, &sc->sc_imo6, NULL);*/
	+ }
	+ break;
	#endif
	}