git: 17c9c2049004 - stable/13 - Fix ipfw fwd that doesn't work in some cases
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Apr 2022 09:10:37 UTC
The branch stable/13 has been updated by ae:
URL: https://cgit.FreeBSD.org/src/commit/?id=17c9c2049004038ed6f2dc23a64cb9f74411ec52
commit 17c9c2049004038ed6f2dc23a64cb9f74411ec52
Author: Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2022-04-01 13:49:25 +0000
Commit: Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2022-04-18 08:58:45 +0000
Fix ipfw fwd that doesn't work in some cases
For IPv4 use dst pointer as destination address in fib4_lookup().
It keeps destination address from IPv4 header and can be changed
when PACKET_TAG_IPFORWARD tag was set by packet filter.
For IPv6 override destination address with address from dst_sa.sin6_addr,
that was set from PACKET_TAG_IPFORWARD tag.
Reviewed by: eugen
PR: 256828, 261697, 255705
Differential Revision: https://reviews.freebsd.org/D34732
(cherry picked from commit 7d98cc096b995ca3bfd85277ed009b0f872c3e1b)
---
sys/netinet/ip_output.c | 2 +-
sys/netinet6/ip6_output.c | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index a23a38b08fa8..595957afe146 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -515,7 +515,7 @@ again:
} else {
struct nhop_object *nh;
- nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_NONE,
+ nh = fib4_lookup(M_GETFIB(m), dst->sin_addr, 0, NHR_NONE,
m->m_pkthdr.flowid);
if (nh == NULL) {
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 3c8811ca1af9..f455c5ccbea2 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -772,6 +772,8 @@ again:
ia = ifatoia6(nh->nh_ifa);
if (nh->nh_flags & NHF_GATEWAY)
dst->sin6_addr = nh->gw6_sa.sin6_addr;
+ else if (fwd_tag != NULL)
+ dst->sin6_addr = dst_sa.sin6_addr;
nonh6lookup:
;
}