Give this patch inline a try:
--- a/patches/releng/10.1/pf_reply-to.enahnce.diff
+++ b/patches/releng/10.1/pf_reply-to.enahnce.diff
@@ -1,8 +1,33 @@
+diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
+index 837b617..b6c37a9 100644
+--- a/sys/netinet6/ip6_output.c
++++ b/sys/netinet6/ip6_output.c
+@@ -185,7 +185,7 @@ static int copypktopts(struct ip6_pktopts *,
struct ip6_pktopts *, int);
+ }\
+ } while (/*CONSTCOND*/ 0)
+
+-static void
++void
+ in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset)
+ {
+ u_short csum;
+diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
+index 70e487e..0d72b37 100644
+--- a/sys/netinet6/ip6_var.h
++++ b/sys/netinet6/ip6_var.h
+@@ -445,6 +445,7 @@ int rip6_usrreq(struct socket *,
+ int dest6_input(struct mbuf **, int *, int);
+ int none_input(struct mbuf **, int *, int);
+
++void in6_delayed_cksum(struct mbuf *, uint32_t, u_short);
+ int in6_selectsrc(struct sockaddr_in6 *, struct ip6_pktopts *,
+ struct inpcb *inp, struct route_in6 *, struct ucred *cred,
+ struct ifnet **, struct in6_addr *);
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
-index 6bc7ce6..2ceaf0e 100644
+index a76d06e..257fae2 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
-@@ -343,11 +343,9 @@ do {
\
+@@ -335,11 +335,9 @@ do {
\
} \
if ((d) == PF_OUT && \
(((s)->rule.ptr->rt == PF_ROUTETO && \
@@ -17,7 +42,7 @@ index 6bc7ce6..2ceaf0e 100644
return (PF_PASS); \
} while (0)
-@@ -5888,7 +5886,12 @@ pf_route(struct mbuf **m, struct pf_rule *r,
int dir, struct ifnet *oifp,
+@@ -5646,7 +5644,12 @@ pf_route(struct mbuf **m, struct pf_rule *r,
int dir, struct ifnet *oifp,
else if (r->rt == PF_ROUTETO && r->direction == dir &&
in_localip(ip->ip_dst))
return;
@@ -31,7 +56,7 @@ index 6bc7ce6..2ceaf0e 100644
if (in_broadcast(ip->ip_dst, oifp)) /* XXX: LOCKING of address
list?! */
return;
-@@ -6127,7 +6130,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r,
int dir, struct ifnet *oifp,
+@@ -5885,7 +5888,12 @@ pf_route6(struct mbuf **m, struct pf_rule *r,
int dir, struct ifnet *oifp,
} else if (r->rt == PF_ROUTETO && r->direction == dir &&
in6_localaddr(&ip6->ip6_dst))
return;
@@ -45,3 +70,31 @@ index 6bc7ce6..2ceaf0e 100644
if (s && r->rt == PF_ROUTETO && pd->nat_rule != NULL &&
r->direction == PF_OUT && r->direction == dir &&
pd->pf_mtag->routed < 2) {
+diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
+index dbd92f9..621a4f5 100644
+--- a/sys/netpfil/pf/pf_ioctl.c
++++ b/sys/netpfil/pf/pf_ioctl.c
+@@ -72,6 +72,7 @@ __FBSDID("$FreeBSD$");
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
+ #include <netinet/ip_var.h>
++#include <netinet6/ip6_var.h>
+ #include <netinet/ip_icmp.h>
+
+ #ifdef INET6
+@@ -3690,12 +3691,9 @@ pf_check6_out(void *arg, struct mbuf **m,
struct ifnet *ifp, int dir,
+ int chk;
+
+ /* We need a proper CSUM before we start (s. OpenBSD ip_output) */
+- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
+-#ifdef INET
+- /* XXX-BZ copy&paste error from r126261? */
+- in_delayed_cksum(*m);
+-#endif
+- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
++ if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
++ in6_delayed_cksum(*m, (*m)->m_pkthdr.len - sizeof(struct
ip6_hdr),
sizeof(struct ip6_hdr));
++ (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6;
+ }
+ CURVNET_SET(ifp->if_vnet);
+ chk = pf_test6(PF_OUT, ifp, m, inp);
On Wed, Nov 5, 2014 at 3:29 PM, <bugzilla-nore...@freebsd.org> wrote:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172648
Kurt Jaeger <p...@freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |p...@freebsd.org
--- Comment #3 from Kurt Jaeger <p...@freebsd.org> ---
See
https://lists.freebsd.org/pipermail/freebsd-net/2014-November/040319.html
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
