From 7f3d1cf1a37266ecf3d30541c4cfa6d72e73e54a Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Tue, 27 Mar 2018 08:20:22 +0200
Subject: [PATCH] ipfw: correctly restore shared forwarding info

PR: https://github.com/opnsense/core/issues/1900

(cherry picked from commit d1cb3383d631dd02638634df209ef466d4c4fcef)
(cherry picked from commit d59de14736158b1434f6f78cbaaaad72712ef92b)
(cherry picked from commit 529bbe68b30e46728ccce2a94d97efd13a00bdf5)
---
 sys/netpfil/ipfw/ip_fw_pfil.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c
index dd7071fd52e..29d206f2234 100644
--- a/sys/netpfil/ipfw/ip_fw_pfil.c
+++ b/sys/netpfil/ipfw/ip_fw_pfil.c
@@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/sysctl.h>
 
 #include <net/if.h>
+#include <net/if_var.h>
 #include <net/route.h>
 #include <net/ethernet.h>
 #include <net/pfil.h>
@@ -124,6 +125,7 @@ ipfw_check_packet(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 {
 	struct ip_fw_args args;
 	struct m_tag *tag;
+	u_short ifidx = 0;
 	int ipfw;
 	int ret;
 
@@ -131,6 +133,32 @@ ipfw_check_packet(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
 	dir = (dir == PFIL_IN) ? DIR_IN : DIR_OUT;
 	bzero(&args, sizeof(args));
 
+	/* restore the correct forwarding interface */
+	if (dir == DIR_OUT) switch (mtod(*m0, struct ip *)->ip_v) {
+#ifdef INET6
+	case IPV6_VERSION >> 4:
+		if (IP6_HAS_NEXTHOP(*m0)) {
+			ip6_get_fwdtag(*m0, NULL, &ifidx);
+		}
+		/* FALLTHROUGH */
+#endif
+#ifdef INET
+	case IPVERSION:
+		if (IP_HAS_NEXTHOP(*m0)) {
+			ip_get_fwdtag(*m0, NULL, &ifidx);
+		}
+		/* FALLTHROUGH */
+#endif
+	default:
+		if (ifidx != 0) {
+			struct ifnet *nifp = ifnet_byindex(ifidx);
+			if (nifp != NULL) {
+				ifp = nifp;
+			}
+		}
+		break;
+	}
+
 again:
 	/*
 	 * extract and remove the tag if present. If we are left