https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246
--- Comment #72 from Kristof Provost <k...@freebsd.org> ---
I'm still failing to reproduce, but this should be close to a real fix:
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 47c3217f399c..4ebd304b1c13 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -102,6 +102,9 @@ __FBSDID("$FreeBSD$");
#include <netinet/tcp_fsm.h>
#include <netinet/tcp_seq.h>
+#include <netinet/ip6.h>
+#include <netinet6/ip6_var.h>
+
#define PFSYNC_MINPKT ( \
sizeof(struct ip) + \
sizeof(struct pfsync_header) + \
@@ -2325,7 +2328,8 @@ pfsyncintr(void *arg)
struct pfsync_softc *sc = arg;
struct pfsync_bucket *b;
struct mbuf *m, *n;
- int c;
+ struct ip *ip;
+ int c, error;
NET_EPOCH_ENTER(et);
CURVNET_SET(sc->sc_ifp->if_vnet);
@@ -2345,15 +2349,26 @@ pfsyncintr(void *arg)
n = m->m_nextpkt;
m->m_nextpkt = NULL;
+ ip = mtod(m, struct ip *);
+
/*
* We distinguish between a deferral packet and our
* own pfsync packet based on M_SKIP_FIREWALL
* flag. This is XXX.
*/
- if (m->m_flags & M_SKIP_FIREWALL)
- ip_output(m, NULL, NULL, 0, NULL, NULL);
- else if (ip_output(m, NULL, NULL, IP_RAWOUTPUT,
&sc->sc_imo,
- NULL) == 0)
+ if (m->m_flags & M_SKIP_FIREWALL) {
+ if (ip->ip_v == IPVERSION)
+ error = ip_output(m, NULL, NULL, 0,
NULL, NULL);
+ else
+ error = ip6_output(m, NULL, NULL, 0,
NULL, NULL, NULL);
+ } else {
+ if (ip->ip_v == IPVERSION)
+ error = ip_output(m, NULL, NULL,
IP_RAWOUTPUT, &sc->sc_imo,
+ NULL);
+ else
+ error = ENOTSUP; // When we add pfsync
over IPv6
+ }
+ if (error == 0)
V_pfsyncstats.pfsyncs_opackets++;
else
V_pfsyncstats.pfsyncs_oerrors++;
--
You are receiving this mail because:
You are the assignee for the bug.
