To allow openvpn's PF code to inspect IP packets contained within 802.1Q packets, this patch enhances mroute_extract_addr_ether() to properly skip over the 802.1Q header.
---
 mroute.c | 10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/mroute.c b/mroute.c
index 1040b8f..4aa7bb4 100644
--- a/mroute.c
+++ b/mroute.c
@@ -205,7 +205,15 @@ mroute_extract_addr_ether (struct mroute_addr *src,
 struct buffer b = *buf;
 if (buf_advance (&b, sizeof (struct openvpn_ethhdr)))
 {
- switch (ntohs (eth->proto))
+ uint16_t proto = ntohs (eth->proto);
+ if (proto == OPENVPN_ETH_P_8021Q)
+ {
+ const struct openvpn_8021qhdr *tag = (const struct openvpn_8021qhdr *) BPTR (buf);
+ proto = ntohs (tag->proto);
+ buf_advance (&b, SIZE_ETH_TO_8021Q_HDR);
+ }
+
+ switch (proto)
 {
 case OPENVPN_ETH_P_IPV4:
 ret |= (mroute_extract_addr_ipv4 (esrc, edest, &b) << MROUTE_SEC_SHIFT);
--
1.7.0
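Review bot: `tag->proto` is read before anything confirms the frame is long enough to hold an 802.1Q header, and the return value of `buf_advance (&b, SIZE_ETH_TO_8021Q_HDR)` is discarded. The earlier `buf_advance (&b, sizeof (struct openvpn_ethhdr))` only guarantees a plain Ethernet header, so a truncated tagged frame makes the new block take its inner ethertype from bytes beyond the received data, and if that value happens to select a case, `b` reaches the extractor without having been advanced past the tag. Advance first and read only on success, replacing the two statements with `if (buf_advance (&b, SIZE_ETH_TO_8021Q_HDR)) proto = ntohs (tag->proto);`, so a short frame keeps `proto == OPENVPN_ETH_P_8021Q` and presumably matches no case (the rest of the switch and the function's return path are outside this hunk). This assumes SIZE_ETH_TO_8021Q_HDR is the size difference between the two header structs, which is not visible here. Because this path feeds PF decisions on peer-supplied frames, a comment such as `/* only one 802.1Q tag is skipped; stacked tags are not parsed */` would make the inspection limit explicit.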