From: bluhm Date: Mon, 5 Aug 2024 17:47:29 +0000 (+0000) Subject: Fix bridging IPv6 fragments with pf reassembly. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=270a6ceb8b1a2918dac81ffddddddd61befd4513;p=openbsd Fix bridging IPv6 fragments with pf reassembly. Sending IPv6 fragments over a bridge with pf did not work. During input pf reassembles the packet, and at bridge output it should be refragmented. This is only done for PF_FWD direction, but bridge(4) and veb(4) called pf_test() with PF_OUT argument. OK sashan@ --- diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 154f7de7841..8f72c1c5453 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.370 2024/04/14 20:46:27 bluhm Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.371 2024/08/05 17:47:29 bluhm Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -70,7 +70,7 @@ #if NPF > 0 #include #define BRIDGE_IN PF_IN -#define BRIDGE_OUT PF_OUT +#define BRIDGE_OUT PF_FWD #else #define BRIDGE_IN 0 #define BRIDGE_OUT 1 diff --git a/sys/net/if_veb.c b/sys/net/if_veb.c index ebbca155c89..02d02ed0e70 100644 --- a/sys/net/if_veb.c +++ b/sys/net/if_veb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_veb.c,v 1.35 2024/02/13 12:22:09 bluhm Exp $ */ +/* $OpenBSD: if_veb.c,v 1.36 2024/08/05 17:47:29 bluhm Exp $ */ /* * Copyright (c) 2021 David Gwynne @@ -944,7 +944,7 @@ veb_broadcast(struct veb_softc *sc, struct veb_port *rp, struct mbuf *m0, * let pf look at it, but use the veb interface as a proxy. */ if (ISSET(ifp->if_flags, IFF_LINK1) && - (m0 = veb_pf(ifp, PF_OUT, m0)) == NULL) + (m0 = veb_pf(ifp, PF_FWD, m0)) == NULL) return; #endif @@ -1039,7 +1039,7 @@ veb_transmit(struct veb_softc *sc, struct veb_port *rp, struct veb_port *tp, #if NPF > 0 if (ISSET(ifp->if_flags, IFF_LINK1) && - (m = veb_pf(ifp0, PF_OUT, m)) == NULL) + (m = veb_pf(ifp0, PF_FWD, m)) == NULL) return (NULL); #endif