

D47801.id147060.diff

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -437,8 +437,10 @@
} while (0)
static struct pfi_kkif *
-BOUND_IFACE(struct pf_kstate *st, struct pfi_kkif *k)
+BOUND_IFACE(struct pf_kstate *st, struct pf_pdesc *pd)
{
+ struct pfi_kkif *k = pd->kif;
+
SDT_PROBE2(pf, ip, , bound_iface, st, k);
/* Floating unless otherwise specified. */
@@ -449,7 +451,7 @@
* Initially set to all, because we don't know what interface we'll be
* sending this out when we create the state.
*/
- if (st->rule->rt == PF_REPLYTO)
+ if (st->rule->rt == PF_REPLYTO || (pd->af != pd->naf))
return (V_pfi_all);
/* Don't overrule the interface for states created on incoming packets. */
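Review bot: The comment above the changed condition still explains only the reply-to case, so the new `pd->af != pd->naf` clause is undocumented and a reader cannot tell why address-family-translated states are inserted on `V_pfi_all`. Suggest extending it with something like `/* The same holds for af-to: the outbound interface is only known after the route lookup. */`. The extra parentheses around `(pd->af != pd->naf)` can also go, so that it matches the first operand. BOUND_IFACE continues outside the hunk.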
@@ -6094,7 +6096,7 @@
__func__, nr, sk, nk));
/* Swap sk/nk for PF_OUT. */
- if (pf_state_insert(BOUND_IFACE(s, pd->kif), pd->kif,
+ if (pf_state_insert(BOUND_IFACE(s, pd), pd->kif,
(pd->dir == PF_IN) ? sk : nk,
(pd->dir == PF_IN) ? nk : sk, s)) {
REASON_SET(&reason, PFRES_STATEINS);
@@ -8801,6 +8803,16 @@
/* Use the gateway if needed. */
if (nh->nh_flags & NHF_GATEWAY)
dst.sin_addr = nh->gw4_sa.sin_addr;
+
+ /*
+ * Bind to the correct interface if we're
+ * if-bound. We don't know which interface
+ * that will be until here, so we've inserted
+ * the state on V_pf_all. Fix that now.
+ */
+ if (s->kif == V_pfi_all && ifp != NULL &&
+ r->rule_flag & PFRULE_IFBOUND)
+ s->kif = ifp->if_pf_kif;
}
}
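Review bot: The added comment says the state was inserted on `V_pf_all`, but the identifier tested two lines below is `V_pfi_all`; the comment should use the same name. The flag test would read more safely parenthesised, `(r->rule_flag & PFRULE_IFBOUND) != 0`, and it is not visible here whether `r` is the same rule as the `st->rule` that BOUND_IFACE consulted when the state was created. When `ifp` is NULL the state stays on `V_pfi_all`, which means it stays floating although the policy is if-bound; the comment should say whether that is intended. The identical block in the IPv6 hunk at -9084 has the same points, and the enclosing function starts outside this hunk.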
@@ -9084,6 +9096,16 @@
if (nh->nh_flags & NHF_GATEWAY)
bcopy(&dst.sin6_addr, &nh->gw6_sa.sin6_addr,
sizeof(dst.sin6_addr));
+
+ /*
+ * Bind to the correct interface if we're
+ * if-bound. We don't know which interface
+ * that will be until here, so we've inserted
+ * the state on V_pf_all. Fix that now.
+ */
+ if (s->kif == V_pfi_all && ifp != NULL &&
+ r->rule_flag & PFRULE_IFBOUND)
+ s->kif = ifp->if_pf_kif;
}
}
}
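Review bot: The context line just above the added block, `bcopy(&dst.sin6_addr, &nh->gw6_sa.sin6_addr, sizeof(dst.sin6_addr));`, appears to copy in the wrong direction. bcopy takes (src, dst, len), so as written it overwrites the nexthop's gateway address with the packet destination, whereas the IPv4 counterpart does `dst.sin_addr = nh->gw4_sa.sin_addr;`. The commit does not change this line, but the new rebind code sits in the same branch, so it may be worth correcting alongside: `bcopy(&nh->gw6_sa.sin6_addr, &dst.sin6_addr, sizeof(dst.sin6_addr));`. The enclosing function starts outside the hunk, so confirm against the full body.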
diff --git a/tests/sys/netpfil/pf/nat64.sh b/tests/sys/netpfil/pf/nat64.sh
--- a/tests/sys/netpfil/pf/nat64.sh
+++ b/tests/sys/netpfil/pf/nat64.sh
@@ -52,6 +52,7 @@
jexec rtr pfctl -e
pft_set_rules rtr \
+ "set state-policy if-bound" \
"pass in on ${epair}b inet6 from any to 64:ff9b::/96 af-to inet from (${epair_link}a)"
}
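Review bot: Adding `set state-policy if-bound` to the existing rule set means this setup now only exercises af-to under if-bound, and nothing visible in the hunk asserts that the resulting state ends up bound to the outbound interface rather than staying floating. A check of the state table after traffic has passed, looking at the interface the state is attached to, would pin the behaviour this change introduces. A separate test case would keep the default floating policy covered. The test body continues outside the hunk, so such checks may already exist there.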
