Date: Fri, 01 Aug 2014 19:57:23 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 127920] [pf] ipv6 and synproxy don't play well together Message-ID: <bug-127920-17777-7RyvE3PxIy@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-127920-17777@https.bugs.freebsd.org/bugzilla/> References: <bug-127920-17777@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127920 --- Comment #6 from vegeta@tuxpowered.net --- pf_test6() is missing a check for M_SKIP_FIREWALL flags on mbuf, this flag is present on packets sent via pf_send_tcp(), like SYN+ACK reply to client. Following patch fixes the issue (line numbers will not match, I have a lot of other patches on pf): @@ -6068,6 +6211,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) if (kif->pfik_flags & PFI_IFLAG_SKIP) return (PF_PASS); + if (m->m_flags & M_SKIP_FIREWALL) + return (PF_PASS); + PF_RULES_RLOCK(); /* We do IP header normalization and packet reassembly here */ -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-127920-17777-7RyvE3PxIy>