The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=1df79d81343dc7683a234708e1852a8e368dbed2
commit 1df79d81343dc7683a234708e1852a8e368dbed2
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2024-12-02 16:50:02 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2024-12-17 10:07:17 +0000
pf: preserve TOS with nat64
When translating packets from one address family to another, pass the
TOS/Traffic Class field of the original packet. Discussed with mikeb@
Obtained from: OpenBSD, jca <j...@openbsd.org>, fd92f2bb4f
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 13a299a8dcd4..881b3cf91140 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3460,6 +3460,7 @@ pf_translate_af(struct pf_pdesc *pd)
bzero(ip4, hlen);
ip4->ip_v = IPVERSION;
ip4->ip_hl = hlen >> 2;
+ ip4->ip_tos = pd->tos;
ip4->ip_len = htons(hlen + (pd->tot_len - pd->off));
ip_fillid(ip4);
ip4->ip_ttl = pd->ttl;
@@ -3473,6 +3474,7 @@ pf_translate_af(struct pf_pdesc *pd)
ip6 = mtod(pd->m, struct ip6_hdr *);
bzero(ip6, hlen);
ip6->ip6_vfc = IPV6_VERSION;
+ ip6->ip6_flow |= htonl((u_int32_t)pd->tos << 20);
ip6->ip6_plen = htons(pd->tot_len - pd->off);
ip6->ip6_nxt = pd->proto;
if (!pd->ttl || pd->ttl > IPV6_DEFHLIM)
