CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
pf: fix reply-to after rdr and dummynet
author Kristof Provost <kp@FreeBSD.org>
Wed, 27 Mar 2024 14:47:21 +0000 (15:47 +0100)
committer Kristof Provost <kp@FreeBSD.org>
Thu, 28 Mar 2024 16:06:01 +0000 (17:06 +0100)
commit a983cea4e9a8dcd52cfd6a3141d7aa03306b057b
tree 4b5caff74941b199cee32a7bcd65bdd76c8e21f4
parent 5aaef5a6008419d0945699dfdb5ce1daffecd21d
pf: fix reply-to after rdr and dummynet

If we redirect a packet to localhost and it gets dummynet'd it may be
re-injected later (e.g. when delayed) which means it will be passed
through ip_input() again. ip_input() will then reject the packet because
it's directed to the loopback address, but did not arrive on a loopback
interface.

Fix this by having pf set the rcvif to V_iflo if we redirect to
loopback.

See also: https://redmine.pfsense.org/issues/15363
Sponsored by: Rubicon Communications, LLC ("Netgate")
sys/netpfil/pf/pf.c
tests/sys/netpfil/pf/route_to.sh
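
The failure described in the commit message, as a small user-space model added here for illustration; it is not code from this commit or from the FreeBSD tree. All struct and function names are hypothetical, the addresses are constructed samples, and the input check is a simplification of the rule the message states (a loopback destination is accepted only from a loopback receive interface).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_IFF_LOOPBACK 0x1u          /* model flag, not the kernel's value */

struct ifnet_model { const char *name; unsigned flags; };
struct pkt_model   { uint32_t dst; const struct ifnet_model *rcvif; };

static const struct ifnet_model em0 = { "em0", 0 };                   /* wire side */
static const struct ifnet_model lo0 = { "lo0", MODEL_IFF_LOOPBACK };  /* stands in for V_iflo */

static bool is_loopback(uint32_t addr) { return (addr >> 24) == 127; }

/* Input-path rule: 127/8 destinations must have arrived on a loopback interface. */
static bool input_accepts(const struct pkt_model *p)
{
    if (is_loopback(p->dst) && !(p->rcvif->flags & MODEL_IFF_LOOPBACK))
        return false;
    return true;
}

/* rdr rewrites the destination. With the fix, a redirect to loopback also
 * rewrites rcvif so a later pass through the input path sees lo0. */
static void rdr(struct pkt_model *p, uint32_t new_dst, bool with_fix)
{
    p->dst = new_dst;
    if (with_fix && is_loopback(new_dst))
        p->rcvif = &lo0;
}

/* Packet arrives on em0, is redirected, delayed, then re-injected, which
 * sends it through the input check again. Returns whether it survives. */
static bool redirect_then_reinject(uint32_t new_dst, bool with_fix)
{
    struct pkt_model p = { 0xC0000201u /* 192.0.2.1, constructed */, &em0 };
    rdr(&p, new_dst, with_fix);
    return input_accepts(&p);            /* second pass after the delay */
}

int main(void)
{
    const uint32_t lo = 0x7F000001u;     /* 127.0.0.1 */
    printf("rdr to loopback, no fix:   %s\n", redirect_then_reinject(lo, false) ? "accepted" : "dropped");
    printf("rdr to loopback, with fix: %s\n", redirect_then_reinject(lo, true) ? "accepted" : "dropped");
    return 0;
}
```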