pf: Fix forwarding detection
ClosedPublic
Actions

Authored by kp on Apr 13 2015, 8:16 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Nov 21, 1:45 PM

	Unknown Object (File)
	Oct 3 2024, 2:01 AM

	Unknown Object (File)
	Sep 23 2024, 4:40 AM

	Unknown Object (File)
	Sep 22 2024, 8:07 PM

	Unknown Object (File)
	Sep 7 2024, 9:22 PM

	Unknown Object (File)
	Sep 7 2024, 4:52 AM

	Unknown Object (File)
	Aug 18 2024, 12:56 AM

	Unknown Object (File)
	Aug 17 2024, 2:30 PM

View All 41 Files

Subscribers

None

Details

Reviewers

peter
philip
gnn

Summary

If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound
packets, causing panics.

Equally, we need to ensure that packets were really received (so rcvif is not NULL)
and not locally generated before trying to ip6_forward() them.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kp updated this revision to Diff 4808.Apr 13 2015, 8:16 PM

kp retitled this revision from to pf: Fix forwarding detection.

kp updated this object.

kp edited the test plan for this revision. (Show Details)

kp added reviewers: gnn, philip, peter.

kp set the repository for this revision to rS FreeBSD src repository - subversion.

gnn accepted this revision.Apr 13 2015, 8:37 PM

gnn edited edge metadata.

This revision is now accepted and ready to land.Apr 13 2015, 8:37 PM

Committed as r281536.

Revision Contents
Changeset List

Path

Size

sys/

netpfil/

pf/

pf.c

2 lines

Diff 4808

View Options

pf: Fix forwarding detectionClosedPublicActions