dummynet: pfil skip for IPv4 and IPv6

Based on a patch originally found in m0n0wall, expanded
to IPv6 and aligned with FreeBSD's IP input path.

sys/netinet/ip_input.c

@@ -463,6 +463,16 @@ ip_input(struct mbuf *m)
 		goto ours;
 	}
 
+	if (m->m_flags & M_SKIP_PFIL) {
+		m->m_flags &= ~M_SKIP_PFIL;
+		/* Set up some basics that will be used later. */
+		ip = mtod(m, struct ip *);
+		hlen = ip->ip_hl << 2;
+		ip_len = ntohs(ip->ip_len);
+		ifp = m->m_pkthdr.rcvif;
+		goto reinjected;
+	}
+
 	IPSTAT_INC(ips_total);
 
 	if (m->m_pkthdr.len < sizeof(struct ip))
@@ -594,6 +604,7 @@ ip_input(struct mbuf *m)
 		m->m_flags &= ~M_FASTFWD_OURS;
 		goto ours;
 	}
+reinjected:
 	if (m->m_flags & M_IP_NEXTHOP) {
 		if (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL) {
 			/*

sys/netinet6/in6.h

@@ -653,6 +653,7 @@ struct ip6_mtuinfo {
 #define	M_LOOP			M_PROTO6
 #define	M_AUTHIPDGM		M_PROTO7
 #define	M_RTALERT_MLD		M_PROTO8
+#define	M_SKIP_PFIL		M_PROTO12	/* skip pfil processing */
 
 #ifdef _KERNEL
 struct cmsghdr;

sys/netinet6/ip6_input.c

@@ -539,6 +539,16 @@ ip6_input(struct mbuf *m)
 		goto hbhcheck;
 	}
 
+	if (m->m_flags & M_SKIP_PFIL) {
+		/*
+		 * Dummynet reinjected this packet.
+		 */
+		m->m_flags &= ~M_SKIP_PFIL;
+		deliverifp = m->m_pkthdr.rcvif;
+		ip6 = mtod(m, struct ip6_hdr *);
+		goto reinjected;
+	}
+
 	/*
 	 * mbuf statistics
 	 */
@@ -725,6 +735,7 @@ ip6_input(struct mbuf *m)
 		ours = 1;
 		goto hbhcheck;
 	}
+reinjected:
 	if ((m->m_flags & M_IP6_NEXTHOP) &&
 	    m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL) {
 		/*

sys/netpfil/ipfw/ip_dn_io.c

@@ -788,11 +788,15 @@ dummynet_send(struct mbuf *m)
 			break ;
 
 		case DIR_IN :
+			m_tag_delete(m, tag);
+		        m->m_flags |= M_SKIP_PFIL;
 			netisr_dispatch(NETISR_IP, m);
 			break;
 
 #ifdef INET6
 		case DIR_IN | PROTO_IPV6:
+			m_tag_delete(m, tag);
+		        m->m_flags |= M_SKIP_PFIL;
 			netisr_dispatch(NETISR_IPV6, m);
 			break;