aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrey V. Elsukov <ae@FreeBSD.org>2022-04-01 13:49:25 +0000
committerAndrey V. Elsukov <ae@FreeBSD.org>2022-04-18 08:58:45 +0000
commit17c9c2049004038ed6f2dc23a64cb9f74411ec52 (patch)
treec479b6a3c274515d7a08bddd9e690c934e3cab95
parentf66bb161ab7a8d3f888882a8d2ff5ce6f78ef762 (diff)
downloadsrc-17c9c2049004038ed6f2dc23a64cb9.tar.gz
src-17c9c2049004038ed6f2dc23a64cb9.zip
Fix ipfw fwd that doesn't work in some cases
For IPv4 use dst pointer as destination address in fib4_lookup(). It keeps destination address from IPv4 header and can be changed when PACKET_TAG_IPFORWARD tag was set by packet filter. For IPv6 override destination address with address from dst_sa.sin6_addr, that was set from PACKET_TAG_IPFORWARD tag. Reviewed by: eugen PR: 256828, 261697, 255705 Differential Revision: https://reviews.freebsd.org/D34732 (cherry picked from commit 7d98cc096b995ca3bfd85277ed009b0f872c3e1b)
-rw-r--r--sys/netinet/ip_output.c2
-rw-r--r--sys/netinet6/ip6_output.c2
2 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index a23a38b08fa8..595957afe146 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -515,7 +515,7 @@ again:
} else {
struct nhop_object *nh;
- nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_NONE,
+ nh = fib4_lookup(M_GETFIB(m), dst->sin_addr, 0, NHR_NONE,
m->m_pkthdr.flowid);
if (nh == NULL) {
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 3c8811ca1af9..f455c5ccbea2 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -772,6 +772,8 @@ again:
ia = ifatoia6(nh->nh_ifa);
if (nh->nh_flags & NHF_GATEWAY)
dst->sin6_addr = nh->gw6_sa.sin6_addr;
+ else if (fwd_tag != NULL)
+ dst->sin6_addr = dst_sa.sin6_addr;
nonh6lookup:
;
}