calling if_output with a route to a local IP is confusing, and I'm not
sure it makes sense anyway.

this treats an RTF_LOCAL route like an invalid route and drops the
packet.

ok?

Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.1104
diff -u -p -r1.1104 pf.c
--- pf.c        27 Jan 2021 23:53:35 -0000      1.1104
+++ pf.c        27 Jan 2021 23:55:49 -0000
@@ -6054,7 +6054,7 @@ pf_route(struct pf_pdesc *pd, struct pf_
        }
 
        rt = rtalloc(sintosa(dst), RT_RESOLVE, rtableid);
-       if (!rtisvalid(rt)) {
+       if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) {
                if (r->rt != PF_DUPTO) {
                        pf_send_icmp(m0, ICMP_UNREACH, ICMP_UNREACH_HOST,
                            0, pd->af, s->rule.ptr, pd->rdomain);
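Review bot: The added `ISSET(rt->rt_flags, RTF_LOCAL)` test in pf_route, and the identical one in the pf_route6 hunk, carries no comment, so a later reader cannot tell why a route that passed rtisvalid() is sent down the no-route branch. I would put `/* next hop resolves to a local address: if_output on an RTF_LOCAL route is not meaningful, treat as unroutable */` above both conditions. The `rt->rt_flags` dereference is safe only because `!rtisvalid(rt)` short-circuits first, which assumes rtisvalid() rejects a NULL rt; that helper is not visible here, so it is worth confirming. For anything other than PF_DUPTO the sender now receives a host-unreachable (no-route for v6) ICMP error for what is really a rule whose next hop points at the firewall itself, so a note in the description or a counter would help operators spot the misconfiguration. Both function bodies continue outside the hunks.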
@@ -6213,7 +6213,7 @@ pf_route6(struct pf_pdesc *pd, struct pf
        if (IN6_IS_SCOPE_EMBED(&dst->sin6_addr))
                dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
        rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid);
-       if (!rtisvalid(rt)) {
+       if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) {
                if (r->rt != PF_DUPTO) {
                        pf_send_icmp(m0, ICMP6_DST_UNREACH,
                            ICMP6_DST_UNREACH_NOROUTE, 0,
