From nobody Tue Nov 23 17:48:12 2021
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E6070188E1AC;
	Tue, 23 Nov 2021 17:48:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4HzBSX393Fz4hBh;
	Tue, 23 Nov 2021 17:48:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 40FDD1A97F;
	Tue, 23 Nov 2021 17:48:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1ANHmC5h095373;
	Tue, 23 Nov 2021 17:48:12 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1ANHmCgp095372;
	Tue, 23 Nov 2021 17:48:12 GMT
	(envelope-from git)
Date: Tue, 23 Nov 2021 17:48:12 GMT
Message-Id: <202111231748.1ANHmCgp095372@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 18d04cd2d42c - main - pf: align IPv6 dummynet handling with IPv4
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 18d04cd2d42c16209c8f615bb9735dded328915b
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1637689692;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=a9gnag3k41/VZOUjwSY7j9p8XxMPoR0osiMF+F3lzRE=;
	b=LvaG2QYN8S75l34P7RQNS8nkDagcHg/f4sIpqtMYuVtOGTu0xKaddbmvTWzBQYKkDrOJfZ
	z03nAbFhzE1e7pp3CTibZfeuS/YvQCloTzbI78M3uWPvuWFlIlkk6wzeERuCqjCvrhw1M9
	70EBMFmYMm9ZukvWi3FBzG6/e0TcmRAt+Y+UB06GkXH6ByF0M3ng1FPp6iE9VenRnQnis1
	+7dc0YI0f/lKCAKrNyvYhGsL9yV8OKATJbYjGiWS49+N9GnVVLPh2uG84bORnmAwI3/b/U
	IBHIuNGuu2VR3h4AsyMaFGlXcuoTsMYIYFCgLJYrJ+qjPQ5O0vNQAScpogNIOw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1637689692; a=rsa-sha256; cv=none;
	b=kK/L0jegZ5SgNQQefAcyBCncQCx7EBpJubcNg59oa/LfA2yys41TUvXgANdbBgU60Yv2Bx
	HGVoUE35aLUdabPOMOqNDz2Zt+/077o6b1pwqJNU9atPxZ+PF/jO2RpE5vyS6M7UU1ExTK
	ZbYj6cWoeoPvFFyGzs9fZBU4T88T+lLBha8gqfJXLNBcDbOFP2Op6CGOdPEvuu2fbqVVSD
	UpDOMDLASNtYTXUvhSZEZ0pNbnskKhxKTCAYB+SE68AHrpzrQSPYVEpSImIcfhcyFKm/RH
	OHBKYNdlCowmBJRztQ7Tn1LNZrOj++QDBTNHzVWmi798Pc0aBHer9ACOU15E6A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=18d04cd2d42c16209c8f615bb9735dded328915b

commit 18d04cd2d42c16209c8f615bb9735dded328915b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-22 20:28:10 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-23 15:46:15 +0000

    pf: align IPv6 dummynet handling with IPv4
    
    In e5c4987e3f we fixed issues with nat and dummynet, but only changed
    the IPv4 code. Make the same change for IPv6 as well.
    
    Reviewed by:    glebius
    MFC after:      3 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D33086
---
 sys/netpfil/pf/pf.c | 87 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 46 insertions(+), 41 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 1ddb61836e2e..34fa7918d697 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6873,6 +6873,7 @@ done:
 			if (ip_dn_io_ptr == NULL) {
 				m_freem(*m0);
 				*m0 = NULL;
+				action = PF_DROP;
 				REASON_SET(&reason, PFRES_MEMORY);
 			} else {
 				struct ip_fw_args dnflow;
@@ -6951,6 +6952,13 @@ pf_test6(int dir, int pflags, struct ifnet *ifp, struct mbuf **m0, struct inpcb
 			}
 			pd.pf_mtag->flags |= PF_PACKET_LOOPED;
 			m_tag_delete(m, ipfwtag);
+			if (rr->info & IPFW_IS_DUMMYNET) {
+				/* Dummynet re-injects packets after they've
+				 * completed their delay. We've already
+				 * processed them, so pass unconditionally. */
+				PF_RULES_RUNLOCK();
+				return (PF_PASS);
+			}
 		}
 	} else if (pf_normalize_ip6(m0, dir, kif, &reason, &pd) != PF_PASS) {
 		action = PF_DROP;
@@ -7211,47 +7219,6 @@ done:
 	}
 #endif /* ALTQ */
 
-	if (s && (s->dnpipe || s->dnrpipe)) {
-		pd.act.dnpipe = s->dnpipe;
-		pd.act.dnrpipe = s->dnrpipe;
-		pd.act.flags = s->state_flags;
-	} else {
-		pd.act.dnpipe = r->dnpipe;
-		pd.act.dnrpipe = r->dnrpipe;
-		pd.act.flags = r->free_flags;
-	}
-	if ((pd.act.dnpipe || pd.act.dnrpipe) && !PACKET_LOOPED(&pd)) {
-		if (ip_dn_io_ptr == NULL) {
-			action = PF_DROP;
-			REASON_SET(&reason, PFRES_MEMORY);
-		} else {
-			struct ip_fw_args dnflow;
-
-			if (pd.pf_mtag == NULL &&
-			    ((pd.pf_mtag = pf_get_mtag(m)) == NULL)) {
-				action = PF_DROP;
-				REASON_SET(&reason, PFRES_MEMORY);
-				if (s)
-					PF_STATE_UNLOCK(s);
-				return (action);
-			}
-
-			if (pf_pdesc_to_dnflow(dir, &pd, r, s, &dnflow)) {
-				ip_dn_io_ptr(m0, &dnflow);
-
-				if (*m0 == NULL) {
-					if (s)
-						PF_STATE_UNLOCK(s);
-					return (action);
-				} else {
-					/* This is dummynet fast io processing */
-					m_tag_delete(*m0, m_tag_first(*m0));
-					pd.pf_mtag->flags &= ~PF_PACKET_LOOPED;
-				}
-			}
-		}
-	}
-
 	if (dir == PF_IN && action == PF_PASS && (pd.proto == IPPROTO_TCP ||
 	    pd.proto == IPPROTO_UDP) && s != NULL && s->nat_rule.ptr != NULL &&
 	    (s->nat_rule.ptr->action == PF_RDR ||
@@ -7348,6 +7315,44 @@ done:
 			pf_route6(m0, r, dir, kif->pfik_ifp, s, &pd, inp);
 			return (action);
 		}
+		/* Dummynet processing. */
+		if (s && (s->dnpipe || s->dnrpipe)) {
+			pd.act.dnpipe = s->dnpipe;
+			pd.act.dnrpipe = s->dnrpipe;
+			pd.act.flags = s->state_flags;
+		} else {
+			pd.act.dnpipe = r->dnpipe;
+			pd.act.dnrpipe = r->dnrpipe;
+			pd.act.flags = r->free_flags;
+		}
+		if (pd.act.dnpipe || pd.act.dnrpipe) {
+			if (ip_dn_io_ptr == NULL) {
+				m_freem(*m0);
+				*m0 = NULL;
+				action = PF_DROP;
+				REASON_SET(&reason, PFRES_MEMORY);
+			} else {
+				struct ip_fw_args dnflow;
+
+				if (pd.pf_mtag == NULL &&
+				    ((pd.pf_mtag = pf_get_mtag(m)) == NULL)) {
+					m_freem(*m0);
+					*m0 = NULL;
+					action = PF_DROP;
+					REASON_SET(&reason, PFRES_MEMORY);
+					if (s)
+						PF_STATE_UNLOCK(s);
+					return (action);
+				}
+
+				if (pf_pdesc_to_dnflow(dir, &pd, r, s, &dnflow)) {
+					ip_dn_io_ptr(m0, &dnflow);
+
+					if (*m0 == NULL)
+						action = PF_DROP;
+				}
+			}
+		}
 		break;
 	}