diff options
| author |   bluhm <bluhm@openbsd.org> | 2013-06-04 19:11:51 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2013-06-04 19:11:51 +0000 |
| commit | f49dc28f2c6a2297cc2775637c08fc38de15a6b6 (patch) | |
| tree | 7a1ec9ba1579d7fd66b223fe05f42947ce2c20e1 | |
| parent | Prevent panic'ing on alpha after ifconfig'ing up an unplugged de interface, (diff) | |
| download | wireguard-openbsd-f49dc28f2c6a2297cc2775637c08fc38de15a6b6.tar.xz wireguard-openbsd-f49dc28f2c6a2297cc2775637c08fc38de15a6b6.zip | |
Implement pf divert-to and divert-reply also for IPv6 raw sockets.
OK henning@ markus@
| -rw-r--r-- | sys/netinet6/icmp6.c | 14 | ||||
| -rw-r--r-- | sys/netinet6/raw_ip6.c | 19 |
2 files changed, 31 insertions, 2 deletions
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index d0911355365..437d9d3f7bd 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.128 2013/06/01 16:22:05 bluhm Exp $ */ +/* $OpenBSD: icmp6.c,v 1.129 2013/06/04 19:11:51 bluhm Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -1884,6 +1884,18 @@ icmp6_rip6_input(struct mbuf **mp, int off) continue; if (in6p->in6p_ip6_nxt != IPPROTO_ICMPV6) continue; +#if NPF > 0 + if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { + struct pf_divert *divert; + + /* XXX rdomain support */ + if ((divert = pf_find_divert(m)) == NULL) + continue; + if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, + &divert->addr.v6)) + continue; + } else +#endif if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) continue; diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 063267915fb..2c49fdf32ef 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip6.c,v 1.57 2013/06/01 16:22:05 bluhm Exp $ */ +/* $OpenBSD: raw_ip6.c,v 1.58 2013/06/04 19:11:52 bluhm Exp $ */ /* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */ /* @@ -61,6 +61,8 @@ * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 */ +#include "pf.h" + #include <sys/param.h> #include <sys/malloc.h> #include <sys/mbuf.h> @@ -74,6 +76,9 @@ #include <net/if.h> #include <net/route.h> #include <net/if_types.h> +#if NPF > 0 +#include <net/pfvar.h> +#endif #include <netinet/in.h> #include <netinet/in_var.h> @@ -169,6 +174,18 @@ rip6_input(struct mbuf **mp, int *offp, int proto) if (in6p->in6p_ip6.ip6_nxt && in6p->in6p_ip6.ip6_nxt != proto) continue; +#if NPF > 0 + if (m->m_pkthdr.pf.flags & PF_TAG_DIVERTED) { + struct pf_divert *divert; + + /* XXX rdomain support */ + if ((divert = pf_find_divert(m)) == NULL) + continue; + if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, + &divert->addr.v6)) + continue; + } else +#endif if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) continue; |