In OpenBSD 6.0 we had the check (ip6_forward_rt.ro_tableid !=

m->m_pkthdr.ph_rtableid) after going to reroute in ip6_forward().
As this had been lost during refactoring, the old route was used
after pf has changed the routing table.  Solution is to reset the
route, then it is not valid and will be reallocated.
from markus@; OK mpi@

diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index 81e2a80..2eff007 100644 (file)
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip6_forward.c,v 1.94 2017/02/05 16:04:14 jca Exp $    */
+/*     $OpenBSD: ip6_forward.c,v 1.95 2017/06/30 11:29:15 bluhm Exp $  */
 /*     $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $    */
 
 /*
@@ -298,6 +298,8 @@ reroute:
                /* tag as generated to skip over pf_test on rerun */
                m->m_pkthdr.pf.flags |= PF_TAG_GENERATED;
                srcrt = 1;
+               rtfree(rt);
+               rt = NULL;
                if_put(ifp);
                ifp = NULL;
                goto reroute;