ipfw: correctly restore shared forwarding info

PR: https://github.com/opnsense/core/issues/1900 (cherry picked from commit d1cb3383d6) (cherry picked from commit d59de14736) (cherry picked from commit 529bbe68b3)
2026-06-09 08:43:19 -04:00 · 2018-03-27 08:20:22 +02:00 · 2018-03-27 08:20:22 +02:00 · 7f3d1cf1a3
commit 7f3d1cf1a3
parent 76d691b366
1 changed files with 28 additions and 0 deletions
--- a/sys/netpfil/ipfw/ip_fw_pfil.c
+++ b/sys/netpfil/ipfw/ip_fw_pfil.c
@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/sysctl.h>

 #include <net/if.h>
+#include <net/if_var.h>
 #include <net/route.h>
 #include <net/ethernet.h>
 #include <net/pfil.h>
@ -124,6 +125,7 @@ ipfw_check_packet(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 {
 	struct ip_fw_args args;
 	struct m_tag *tag;
+	u_short ifidx = 0;
 	int ipfw;
 	int ret;

@ -131,6 +133,32 @@ ipfw_check_packet(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 	dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT;
 	bzero(&args, sizeof(args));

+	/* restore the correct forwarding interface */
+	if (dir == DIR_OUT) switch (mtod(*m0, struct ip *)->ip_v) {
+#ifdef INET6
+	case IPV6_VERSION >> 4:
+		if (IP6_HAS_NEXTHOP(*m0)) {
+			ip6_get_fwdtag(*m0, NULL, &ifidx);
+		}
+		/* FALLTHROUGH */
+#endif
+#ifdef INET
+	case IPVERSION:
+		if (IP_HAS_NEXTHOP(*m0)) {
+			ip_get_fwdtag(*m0, NULL, &ifidx);
+		}
+		/* FALLTHROUGH */
+#endif
+	default:
+		if (ifidx != 0) {
+			struct ifnet *nifp = ifnet_byindex(ifidx);
+			if (nifp != NULL) {
+				ifp = nifp;
+			}
+		}
+		break;
+	}
+
 again:
 	/*
 	 * extract and remove the tag if present. If we are left