On Wed, Jan 24, 2018 at 3:16 AM, Andrey V. Elsukov <bu7c...@yandex.ru> wrote:
> On 24.01.2018 02:26, Andrey V. Elsukov wrote: > > I think it is correct behavior if you try to forward to loopback > > address. In case when you listen on the LLA and fwd to this LLA there is > > seems the bug. > > > > # ipfw add fwd fe80::e6a7:a0ff:fe8e:16bf%lagg0,5678 tcp from any to any > > dst-port 4000 > > # nc -6 -l fe80::e6a7:a0ff:fe8e:16bf%lagg0 5678 > > > > This doesn't work, because ip6_input() doesn't embed scope zone index > > into IPv6 header's addresses before TCP segment will be handled by > > tcp_input(). > > > > I think the bug is in ipfw_check_packet() function. Since it changes > > destination address and sets M_FASTFWD_OURS flag, it also should embed > > scope zone id into ip6_src/ip6_dst and check for scope violation like > > ip6_input() does just after "passin" label. > > > > With this patch I'm able to use above commands and they work. > After some thought I think it is not quite correct to embed scope zone > id into IP header in the pfil hook, because several hooks can be chained > and this can break another check. Instead, can you test this patch? > > I moved M_FASTFWD_OURS check below of scope check, now if fwd address is > our local, scope zone index will be correctly embedded into IP header if > this is needed. And thus tcp_input() will correctly handle this case. > > -- > WBR, Andrey V. Elsukov > Yep. With that patch I can receive the redirected packet whether listening on the unspecified address or on the LLA. -Alan _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
