Attachment 239274 Details for Bug 268717 – possible fix for redirects initiated by localhost

[patch] possible fix for redirects initiated by localhost

rdr.diff (text/plain), 1.31 KB, created by dfr on 2023-01-05 08:35:25 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: dfr

Created: 2023-01-05 08:35:25 UTC

Size: 1.31 KB

patch

obsolete

>commit 29d830b79043b0d771673d147921400f4e6a6941
>Author: Doug Rabson <dfr@FreeBSD.org>
>Date:   Wed Jan 4 16:15:57 2023 +0000
>
>    WIP: PF redirects from localhost
>
>diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
>index c0c34fba0409..7a2c9943d520 100644
>--- a/sys/netpfil/pf/pf.c
>+++ b/sys/netpfil/pf/pf.c
>@@ -7492,6 +7492,15 @@ pf_test(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb *
> 			action = PF_DROP;
> 			REASON_SET(&reason, PFRES_MEMORY);
> 		}
>+		if (dir == PF_IN && pf_isforlocal(m, AF_INET)) {
>+			/*
>+			 * This packet is for us. To allow PF_RDR rules to work
>+			 * for connections initiated on the local host, we need
>+			 * to simulate a PF_OUT transition to allow the redirect
>+			 * to be reversed.
>+			 */
>+			action = pf_test(PF_OUT, pflags, ifp, m0, inp);
>+		}
> 		break;
> 	}
> 
>@@ -7941,6 +7950,15 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
> 			action = PF_DROP;
> 			REASON_SET(&reason, PFRES_MEMORY);
> 		}
>+		if (dir == PF_IN && pf_isforlocal(m, AF_INET6)) {
>+			/*
>+			 * This packet is for us. To allow PF_RDR rules to work
>+			 * for connections initiated on the local host, we need
>+			 * to simulate a PF_OUT transition to allow the redirect
>+			 * to be reversed.
>+			 */
>+			action = pf_test6(PF_OUT, pflags, ifp, m0, inp);
>+		}
> 		break;
> 	}
>

Actions: View | Diff

Attachments on bug 268717: 239212 | 239234 | 239274 | 239803