PF divert-packet does not work with IPv6, only IPv4
I had to forward this in because my ISP blocks SMTP, apologies if the formatting is incorrect.
>Synopsis: PF divert-packet does not work with IPv6, only IPv4
System : OpenBSD 6.7
Details : OpenBSD 6.7-current (GENERIC.MP) #194: Sun May 17 09:52:26 MDT 2020
Machine : amd64
Recently, I have set up Suricata on OpenBSD and was able to get it to work with IPv4 using divert-packet. However, when I attempted to use IPv6 using divert-packet, I lost all connectivity.
When I used this rule:
pass out on $lan inet divert-packet port 700
It worked with only IPv4, as it should, but it diverted perfectly.
When I attempted this rule:
pass out on $lan inet6 divert-packet port 700
I lost all IPv6 connectivity.
Thinking the problem could be with Suricata, I rewrote the divert(4) IPv4 example program to support IPv6 and I still encountered the same problem. According to the program, it looked like the IPv6 was being diverted, but I still had no IPv6 connectivity, which leads me to believe that there could be something wrong with divert-packet in the re-insertion process after being diverted when using IPv6. Although I am a horrible programmer, so it is quite possible that the program itself is flawed. However, both Suricata and this program do not work with IPv6.
Here is the divert(4) program rewritten for IPv6:
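For reference, a minimal IPv6 divert loop for the "divert-packet port 700" rule above. This is an added example, not the reporter's program and not the divert(4) manual's sample; describe_ip6 and DIVERT_PORT are names assumed here. The socket loop builds only where IPPROTO_DIVERT is defined (OpenBSD).

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip6.h>
#include <arpa/inet.h>
#include <err.h>
#include <stdio.h>
#include <string.h>
#define DIVERT_PORT 700 /* port named in the pf rules above */
/* Summarise a diverted packet; -1 if it is not a full IPv6 fixed header. */
int describe_ip6(const unsigned char *pkt, size_t len, char *out, size_t outlen)
{
	struct ip6_hdr h;
	char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
	if (len < sizeof(h))
		return -1;
	memcpy(&h, pkt, sizeof(h)); /* pkt may be unaligned */
	if ((h.ip6_vfc >> 4) != 6)
		return -1;
	inet_ntop(AF_INET6, &h.ip6_src, src, sizeof(src));
	inet_ntop(AF_INET6, &h.ip6_dst, dst, sizeof(dst));
	snprintf(out, outlen, "%s -> %s nxt=%u plen=%u", src, dst,
	    (unsigned)h.ip6_nxt, (unsigned)ntohs(h.ip6_plen));
	return 0;
}

int main(void)
{
#ifdef IPPROTO_DIVERT /* OpenBSD; the loop needs root and a matching pf rule */
	unsigned char pkt[65535];
	char line[128];
	struct sockaddr_in6 sin6 = { .sin6_family = AF_INET6, .sin6_port = htons(DIVERT_PORT) };
	int fd = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
	if (fd == -1 || bind(fd, (struct sockaddr *)&sin6, sizeof(sin6)) == -1)
		err(1, "divert socket");
	for (;;) {
		socklen_t slen = sizeof(sin6);
		ssize_t n = recvfrom(fd, pkt, sizeof(pkt), 0, (struct sockaddr *)&sin6, &slen);
		if (n == -1)
			err(1, "recvfrom");
		if (describe_ip6(pkt, (size_t)n, line, sizeof(line)) == 0)
			puts(line);
		/* Reinject unchanged, handing back the address recvfrom() filled in. */
		if (sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&sin6, slen) == -1)
			warn("sendto"); /* packet was not reinjected */
	}
#endif
	return 0;
}
```

If the loop prints packets and sendto never warns while connectivity is still lost, the packets are reaching the divert socket and being written back without error, which narrows the fault to what happens after reinjection.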