On 21 Mar 2017, at 11:24, Ermal Luçi wrote:
On Sun, Mar 19, 2017 at 9:41 PM, <bugzilla-nore...@freebsd.org> wrote:
+ m->m_flags |= M_SKIP_FIREWALL | M_FASTFWD_OURS;
I am not sure this is really what is happening here.
Can you provide more data from your analysis?
In ip6_input(), immediately after the pfil hook there’s a check for
M_FASTFWD_OURS.
If that flag is set we jump to hbhcheck, which skips all of the scope
validation.
In the given test case (rdr log on vtnet0 inet6 proto tcp from any to
any port 80 -> ::1 port 8000 for example),
I also see, in the output of `netstat -s -6` ‘X packets that violated
scope rules’ increment.
That still doesn’t work, but now I do see ip6_output() being called,
and the packet being discarded due to scope issues there (through simple
printf()s in the function).
Regards,
Kristof
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
