https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203735
Kristof Provost <k...@freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |k...@freebsd.org
--- Comment #7 from Kristof Provost <k...@freebsd.org> ---
The good news is this no longer panics, but it still doesn't work.
This turns out to be somewhat tricky.
The underlying problem is one of address scope.
It can be fixed on the receive side with a patch like this:
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 81290f91b40..d68f81ddf15 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6538,8 +6538,12 @@ done:
pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&
(s->nat_rule.ptr->action == PF_RDR ||
s->nat_rule.ptr->action == PF_BINAT) &&
IN6_IS_ADDR_LOOPBACK(&pd.dst->v6))
- m->m_flags |= M_SKIP_FIREWALL;
+ m->m_flags |= M_SKIP_FIREWALL | M_FASTFWD_OURS;
This tells ip6_input() to skip the scope checks, which seems appropriate.
It still fails on the reply packet though, so this doesn't actually fix the
whole use case.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
