diff options
author | Gleb Smirnoff <glebius@FreeBSD.org> | 2014-08-15 04:35:34 +0000 |
---|---|---|
committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2014-08-15 04:35:34 +0000 |
commit | 11341cf97e097775470cddb742190aa5da07cc58 (patch) | |
tree | fdb17548b963bfd02aa2759d268d4910f44da122 /sys/netpfil/pf | |
parent | 73d76e77b613b979905eb52f71d79ccd1cf1a254 (diff) | |
download | src-11341cf97e097775470cddb742190aa5da07cc58.tar.gz src-11341cf97e097775470cddb742190aa5da07cc58.zip |
Fix synproxy with IPv6. pf_test6() was missing a check for M_SKIP_FIREWALL.
PR: 127920
Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
Sponsored by: InnoGames GmbH
Notes
Notes:
svn path=/head/; revision=270010
Diffstat (limited to 'sys/netpfil/pf')
-rw-r--r-- | sys/netpfil/pf/pf.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index ec7c786416b9..d65bea99b01c 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6066,6 +6066,9 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) if (kif->pfik_flags & PFI_IFLAG_SKIP) return (PF_PASS); + if (m->m_flags & M_SKIP_FIREWALL) + return (PF_PASS); + PF_RULES_RLOCK(); /* We do IP header normalization and packet reassembly here */ |