[Bug 127920] [pf] ipv6 and synproxy don't play well together
bugzilla-noreply at freebsd.org
Fri Aug 1 19:57:23 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127920
--- Comment #6 from vegeta at tuxpowered.net ---
pf_test6() is missing a check for the M_SKIP_FIREWALL flag on the mbuf; this flag is
present on packets sent via pf_send_tcp(), like the SYN+ACK reply to the client.
The following patch fixes the issue (line numbers will not match, I have a lot of
other patches on pf):
@@ -6068,6 +6211,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0,
struct inpcb *inp)
if (kif->pfik_flags & PFI_IFLAG_SKIP)
return (PF_PASS);
+ if (m->m_flags & M_SKIP_FIREWALL)
+ return (PF_PASS);
+
PF_RULES_RLOCK();
/* We do IP header normalization and packet reassembly here */
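Review bot: The new M_SKIP_FIREWALL test in pf_test6() returns PF_PASS with no comment explaining why, and it sits ahead of PF_RULES_RLOCK() and the header normalization and reassembly step, so any mbuf carrying the flag skips rule evaluation and scrubbing entirely. Add a short comment above the check saying that the flag marks packets pf generated itself (the report names pf_send_tcp() and the synproxy SYN+ACK), and confirm that the flag cannot be set on an mbuf arriving here from outside the kernel's own send paths. Returning before the rules lock is taken is the right placement, since nothing has to be released on this path.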