git: a81f5112a002 - main - pf: clear PF_TAG_ROUTE_TO for dummynet fast path

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 26 Apr 2023 15:10:04 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a81f5112a002196936eacabfc7ab173ce8a5630a

commit a81f5112a002196936eacabfc7ab173ce8a5630a
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-04-26 13:12:30 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-04-26 15:09:47 +0000

    pf: clear PF_TAG_ROUTE_TO for dummynet fast path
    
    Similar to the PF_TAG_DUMMYNET we must also clear the route tag if
    dummynet didn't keep the packet. In that case we'd continue immediately
    and there'd be no need for the route tag. Keeping it could lead to
    unexpected routing of traffic.
    
    See also:       27407a6adc793bdfaef8a86ece32fb1b461429f0
    See also:       https://redmine.pfsense.org/issues/14055
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 5eebd44c297d..a8da800dd814 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -7076,8 +7076,10 @@ pf_dummynet_route(struct pf_pdesc *pd, int dir, struct pf_kstate *s,
 		if (pf_pdesc_to_dnflow(dir, pd, r, s, &dnflow)) {
 			pd->pf_mtag->flags |= PF_TAG_DUMMYNET;
 			ip_dn_io_ptr(m0, &dnflow);
-			if (*m0 != NULL)
+			if (*m0 != NULL) {
+				pd->pf_mtag->flags &= ~PF_TAG_ROUTE_TO;
 				pd->pf_mtag->flags &= ~PF_TAG_DUMMYNET;
+			}
 		}
 	}
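
Review bot: the added `pd->pf_mtag->flags &= ~PF_TAG_ROUTE_TO;` inside the `if (*m0 != NULL)` block has no comment, so the reason for clearing the route tag is recorded only in the commit message. A short comment above the two clears would keep that reasoning next to the code, for example that dummynet did not keep the packet, processing continues immediately, and a leftover route tag could cause unexpected routing. The two statements could also be folded into one, `pd->pf_mtag->flags &= ~(PF_TAG_ROUTE_TO | PF_TAG_DUMMYNET);`, which makes it clearer that both tags are dropped under the same condition. The diffstat lists only sys/netpfil/pf/pf.c, so a regression test that combines route-to with a dummynet rule on this fast path would be worth adding alongside the fix.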