netinet6?: ip6?_tryforward() should not strip forward tags...

and yield the packet back in case a fast redirect is not fast because
we force a different interface than the one that is currently selected.

sys/netinet/ip_fastfwd.c

@@ -302,7 +302,6 @@ passin:
 		struct sockaddr_in tmp;
 		if (!ip_get_fwdtag(m, &tmp, NULL)) {
 			dest.s_addr = tmp.sin_addr.s_addr;
-			ip_flush_fwdtag(m);
 		}
 	}
 
@@ -338,6 +337,7 @@ passin:
 	 * Destination address changed?
 	 */
 	if (odest.s_addr != dest.s_addr || IP_HAS_NEXTHOP(m)) {
+		struct ifnet *nifp = NULL;
 		/*
 		 * Is it now for a local address on this host?
 		 */
@@ -354,15 +354,16 @@ forwardlocal:
 		 */
 		if (IP_HAS_NEXTHOP(m)) {
 			struct sockaddr_in tmp;
-			if (ip_get_fwdtag(m, &tmp, NULL)) {
+			if (ip_get_fwdtag(m, &tmp, &nifp)) {
 				return (NULL);
 			}
 			dest.s_addr = tmp.sin_addr.s_addr;
-			ip_flush_fwdtag(m);
 		}
 		if (dest.s_addr != rtdest.s_addr &&
 		    ip_findroute(&nh, dest, m) != 0)
 			return (NULL);	/* icmp unreach already sent */
+		if (nifp != NULL && nifp != nh.nh_ifp)
+			return (m);	/* explicit interface wins */
 	}
 
 passout:

sys/netinet6/ip6_fastfwd.c

@@ -182,7 +182,6 @@ ip6_tryforward(struct mbuf *m)
 			return (NULL);
 		}
 		dst.sin6_addr = tmp.sin6_addr;
-		ip6_flush_fwdtag(m);
 	} else {
 		/* Update dst since pfil could change it */
 		dst.sin6_addr = ip6->ip6_dst;
@@ -245,13 +244,13 @@ passin:
 	ip6 = mtod(m, struct ip6_hdr *);
 	if (IP6_HAS_NEXTHOP(m) ||
 	    !IN6_ARE_ADDR_EQUAL(&dst.sin6_addr, &ip6->ip6_dst)) {
+		struct ifnet *nifp = NULL;
 		if (IP6_HAS_NEXTHOP(m)) {
 			struct sockaddr_in6 tmp;
-			if (ip6_get_fwdtag(m, &tmp, NULL)) {
+			if (ip6_get_fwdtag(m, &tmp, &nifp)) {
 				return (NULL);
 			}
 			dst.sin6_addr = tmp.sin6_addr;
-			ip6_flush_fwdtag(m);
 		} else
 			dst.sin6_addr = ip6->ip6_dst;
 		/*
@@ -261,6 +260,8 @@ passin:
 			m = NULL;
 			goto dropout;
 		}
+		if (nifp != NULL && nifp != nh.nh_ifp)
+			return (m);	/* explicit interface wins */
 	}
 passout:
 #ifdef IPSTEALTH