authorMartin Pieuchot <mpi@cvs.openbsd.org>2015-02-05 01:10:58 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2015-02-05 01:10:58 +0000
commit9c617e3758be2054d11f2412c3a489e3281f74bd (patch)
treee59bd77e422182832c1beb48e499ead97d9ba186 /sys/net/pf.c
parent4d73dee4aabd2b00728ba212fd59df611497560a (diff)
Make sure pf(4) does not see embedded scopes.
Packets destined to link-local addresses are looped back with embedded scopes because we cannot restore them using the receiving interface (lo0). Embedded scopes are needed by the routing table to match RTF_LOCAL routes, but pf(4) never saw them and existing rules are likely to break without teaching the rule engine about them, found by dlg@ the hard way. So save and restore embedded scopes around pf_test() for packets going through loopback. ok dlg@, mikeb@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r--sys/net/pf.c7
1 files changed, 1 insertions, 6 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 447354ca924..9d87d1664b4 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.899 2015/01/24 00:29:06 deraadt Exp $ */
+/* $OpenBSD: pf.c,v 1.900 2015/02/05 01:10:57 mpi Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -819,11 +819,6 @@ pf_state_key_addr_setup(struct pf_pdesc *pd, void *arg, int sidx,
default:
if (multi == PF_ICMP_MULTI_LINK) {
key->addr[sidx].addr32[0] = __IPV6_ADDR_INT32_MLL;
-
- if (IN6_IS_SCOPE_EMBED(&key->addr[didx].v6))
- key->addr[sidx].addr16[1] =
- key->addr[didx].addr16[1];
-
key->addr[sidx].addr32[1] = 0;
key->addr[sidx].addr32[2] = 0;
key->addr[sidx].addr32[3] = __IPV6_ADDR_INT32_ONE;