On Sun, Mar 19, 2017 at 9:41 PM, <bugzilla-nore...@freebsd.org> wrote:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203735 > > Kristof Provost <k...@freebsd.org> changed: > > What |Removed |Added > ------------------------------------------------------------ > ---------------- > CC| |k...@freebsd.org > > --- Comment #7 from Kristof Provost <k...@freebsd.org> --- > The good news is this no longer panics, but it still doesn't work. > > This turns out to be somewhat tricky. > The underlying problem is one of address scope. > > It can be fixed on the receive side with a patch like this: > > diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c > index 81290f91b40..d68f81ddf15 100644 > --- a/sys/netpfil/pf/pf.c > +++ b/sys/netpfil/pf/pf.c > @@ -6538,8 +6538,12 @@ done: > pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != > NULL && > (s->nat_rule.ptr->action == PF_RDR || > s->nat_rule.ptr->action == PF_BINAT) && > IN6_IS_ADDR_LOOPBACK(&pd.dst->v6)) > - m->m_flags |= M_SKIP_FIREWALL; > + m->m_flags |= M_SKIP_FIREWALL | M_FASTFWD_OURS; > I am not sure this is really what is happening here. Can you provide more data from your analysis? > > This tells ip6_input() to skip the scope checks, which seems appropriate. > It still fails on the reply packet though, so this doesn't actually fix the > whole use case. > > -- > You are receiving this mail because: > You are on the CC list for the bug. > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" > -- Ermal _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
