The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=797b94504f4fd457aef694c236705c1bd850f2f7
commit 797b94504f4fd457aef694c236705c1bd850f2f7
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2022-04-22 14:11:31 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2022-04-22 14:55:23 +0000
udp6: allow udp_tun_func_t() to indicate it did not eat the packet
Implement the same filter feature we implemented for UDP over IPv6 in
742e7210d. This was missed in that commit.
Pointed out by: markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netinet6/udp6_usrreq.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index 2f463da9b01b..20b78009854e 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -146,6 +146,7 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off,
struct socket *so;
struct mbuf *opts = NULL, *tmp_opts;
struct udpcb *up;
+ bool filtered;
INP_LOCK_ASSERT(inp);
@@ -156,10 +157,11 @@ udp6_append(struct inpcb *inp, struct mbuf *n, int off,
if (up->u_tun_func != NULL) {
in_pcbref(inp);
INP_RUNLOCK(inp);
- (*up->u_tun_func)(n, off, inp, (struct sockaddr *)&fromsa[0],
- up->u_tun_ctx);
+ filtered = (*up->u_tun_func)(n, off, inp,
+ (struct sockaddr *)&fromsa[0], up->u_tun_ctx);
INP_RLOCK(inp);
- return (in_pcbrele_rlocked(inp));
+ if (filtered)
+ return (in_pcbrele_rlocked(inp));
}
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
/* Check AH/ESP integrity. */
