HardenedBSD/sys/netpfil
Mark Johnston 4a7c6d6206 pf: Fix handling of v6 loopback connections with pf syncookies enabled
The SYN|ACK generated by pf needs to inherit M_LOOP from the original
SYN, otherwise it gets dropped by ip6_input().

Fix this by adding an mbuf_flags argument to pf_build_tcp() that can be
used to set both M_SKIP_FIREWALL and M_LOOP as needed.  Set M_LOOP on
the output mbuf if it was generated in response to an mbuf with M_LOOP
set.

Add a regression test case.  The v4 case had no problems, but the v6
case fails without this change.

Reviewed by:	kp
MFC after:	1 month
Sponsored by:	Klara, Inc.
Sponsored by:	Zenarmor
Differential Revision:	https://reviews.freebsd.org/D47257
2024-10-29 15:01:20 +00:00
ipfilter/netinet | ipfilter(4): Fix typos in source code comments | 2024-07-21 11:02:31 +02:00
ipfw | dummynet: fix pie | 2024-09-06 12:34:33 -06:00
pf | pf: Fix handling of v6 loopback connections with pf syncookies enabled | 2024-10-29 15:01:20 +00:00