git: a81f5112a002 - main - pf: clear PF_TAG_ROUTE_TO for dummynet fast path
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 26 Apr 2023 15:10:04 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a81f5112a002196936eacabfc7ab173ce8a5630a commit a81f5112a002196936eacabfc7ab173ce8a5630a Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2023-04-26 13:12:30 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2023-04-26 15:09:47 +0000 pf: clear PF_TAG_ROUTE_TO for dummynet fast path Similar to the PF_TAG_DUMMYNET we must also clear the route tag if dummynet didn't keep the packet. In that case we'd continue immediately and there'd be no need for the route tag. Keeping it could lead to unexpected routing of traffic. See also: 27407a6adc793bdfaef8a86ece32fb1b461429f0 See also: https://redmine.pfsense.org/issues/14055 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 5eebd44c297d..a8da800dd814 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7076,8 +7076,10 @@ pf_dummynet_route(struct pf_pdesc *pd, int dir, struct pf_kstate *s, if (pf_pdesc_to_dnflow(dir, pd, r, s, &dnflow)) { pd->pf_mtag->flags |= PF_TAG_DUMMYNET; ip_dn_io_ptr(m0, &dnflow); - if (*m0 != NULL) + if (*m0 != NULL) { + pd->pf_mtag->flags &= ~PF_TAG_ROUTE_TO; pd->pf_mtag->flags &= ~PF_TAG_DUMMYNET; + } } }