CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2015/02/04 18:10:57
Modified files:
sys/net : pf.c
sys/netinet6 : ip6_input.c ip6_output.c
Log message:
Make sure pf(4) does not see embedded scopes.
Packets destinated to link-local addresses are looped back with embedded
scopes because we cannot restore them using the receiving interface (lo0).
Embedded scopes are needed by the routing table to match RTF_LOCAL routes,
but pf(4) never saw them and existing rules are likely to break without
teaching the rule engine about them, found by dlg@ the hard way.
So save and restore embedded scopes around pf_test() for packets going
through loopback.
ok dlg@, mikeb@
