diff options
author | Andrey V. Elsukov <ae@FreeBSD.org> | 2022-04-01 13:49:25 +0000 |
---|---|---|
committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2022-04-18 08:58:45 +0000 |
commit | 17c9c2049004038ed6f2dc23a64cb9f74411ec52 (patch) | |
tree | c479b6a3c274515d7a08bddd9e690c934e3cab95 | |
parent | f66bb161ab7a8d3f888882a8d2ff5ce6f78ef762 (diff) | |
download | src-17c9c2049004038ed6f2dc23a64cb9.tar.gz src-17c9c2049004038ed6f2dc23a64cb9.zip |
Fix ipfw fwd that doesn't work in some cases
For IPv4 use dst pointer as destination address in fib4_lookup().
It keeps destination address from IPv4 header and can be changed
when PACKET_TAG_IPFORWARD tag was set by packet filter.
For IPv6 override destination address with address from dst_sa.sin6_addr,
that was set from PACKET_TAG_IPFORWARD tag.
Reviewed by: eugen
PR: 256828, 261697, 255705
Differential Revision: https://reviews.freebsd.org/D34732
(cherry picked from commit 7d98cc096b995ca3bfd85277ed009b0f872c3e1b)
-rw-r--r-- | sys/netinet/ip_output.c | 2 | ||||
-rw-r--r-- | sys/netinet6/ip6_output.c | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index a23a38b08fa8..595957afe146 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -515,7 +515,7 @@ again: } else { struct nhop_object *nh; - nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_NONE, + nh = fib4_lookup(M_GETFIB(m), dst->sin_addr, 0, NHR_NONE, m->m_pkthdr.flowid); if (nh == NULL) { #if defined(IPSEC) || defined(IPSEC_SUPPORT) diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 3c8811ca1af9..f455c5ccbea2 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -772,6 +772,8 @@ again: ia = ifatoia6(nh->nh_ifa); if (nh->nh_flags & NHF_GATEWAY) dst->sin6_addr = nh->gw6_sa.sin6_addr; + else if (fwd_tag != NULL) + dst->sin6_addr = dst_sa.sin6_addr; nonh6lookup: ; } |