diff options
| author |   bluhm <bluhm@openbsd.org> | 2020-08-06 19:47:44 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2020-08-06 19:47:44 +0000 |
| commit | 8c5797b41217b69657e0752e86c7c424530de50c (patch) | |
| tree | fa93936cc02a34abaf0511fabf62ee5cfd3694c9 | |
| parent | Avoid reading one byte before the path buffer. (diff) | |
| download | wireguard-openbsd-8c5797b41217b69657e0752e86c7c424530de50c.tar.xz wireguard-openbsd-8c5797b41217b69657e0752e86c7c424530de50c.zip | |
Allow pf(4) to divert packets from bridge(4) to local socket.
joint work markus@ patrick@ bluhm@
| -rw-r--r-- | sys/net/if_bridge.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 78cf3f69967..b2fe96c9386 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.344 2020/07/30 11:32:06 mvs Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.345 2020/08/06 19:47:44 bluhm Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -1744,6 +1744,17 @@ bridge_ip(struct ifnet *brifp, int dir, struct ifnet *ifp, ip->ip_sum = in_cksum(m, hlen); } +#if NPF > 0 + if (dir == BRIDGE_IN && + m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { + m_resethdr(m); + m->m_pkthdr.ph_ifidx = ifp->if_index; + m->m_pkthdr.ph_rtableid = ifp->if_rdomain; + ipv4_input(ifp, m); + return (NULL); + } +#endif /* NPF > 0 */ + break; #ifdef INET6 @@ -1782,6 +1793,17 @@ bridge_ip(struct ifnet *brifp, int dir, struct ifnet *ifp, #endif /* NPF > 0 */ in6_proto_cksum_out(m, ifp); +#if NPF > 0 + if (dir == BRIDGE_IN && + m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { + m_resethdr(m); + m->m_pkthdr.ph_ifidx = ifp->if_index; + m->m_pkthdr.ph_rtableid = ifp->if_rdomain; + ipv6_input(ifp, m); + return (NULL); + } +#endif /* NPF > 0 */ + break; } #endif /* INET6 */ |