The branch main has been updated by ae:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7d98cc096b995ca3bfd85277ed009b0f872c3e1b
commit 7d98cc096b995ca3bfd85277ed009b0f872c3e1b
Author: Andrey V. Elsukov <a...@freebsd.org>
AuthorDate: 2022-04-01 13:49:25 +0000
Commit: Andrey V. Elsukov <a...@freebsd.org>
CommitDate: 2022-04-11 11:16:43 +0000
Fix ipfw fwd that doesn't work in some cases
For IPv4 use dst pointer as destination address in fib4_lookup().
It keeps destination address from IPv4 header and can be changed
when PACKET_TAG_IPFORWARD tag was set by packet filter.
For IPv6 override destination address with address from dst_sa.sin6_addr,
that was set from PACKET_TAG_IPFORWARD tag.
Reviewed by: eugen
MFC after: 1 week
PR: 256828, 261697, 255705
Differential Revision: https://reviews.freebsd.org/D34732
---
sys/netinet/ip_output.c | 2 +-
sys/netinet6/ip6_output.c | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 818d115d8a2d..b68a6536c8b8 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -513,7 +513,7 @@ again:
} else {
struct nhop_object *nh;
- nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_NONE,
+ nh = fib4_lookup(M_GETFIB(m), dst->sin_addr, 0, NHR_NONE,
m->m_pkthdr.flowid);
if (nh == NULL) {
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 406776bdb5a4..818b08c3ab40 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -772,6 +772,8 @@ again:
ia = ifatoia6(nh->nh_ifa);
if (nh->nh_flags & NHF_GATEWAY)
dst->sin6_addr = nh->gw6_sa.sin6_addr;
+ else if (fwd_tag != NULL)
+ dst->sin6_addr = dst_sa.sin6_addr;
nonh6lookup:
;
}
