git: 9501fc936f3b - main - pf: dummynet fix
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 May 2022 15:42:16 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=9501fc936f3bc90d6159b4706f2728f6678848cd commit 9501fc936f3bc90d6159b4706f2728f6678848cd Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-05-06 14:37:47 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-05-06 14:37:47 +0000 pf: dummynet fix If we don't have a pipe set we shouldn't feed packets into dummynet. This could occur if we have a 'dnpipe (0, 100)' configuration, for example. We do want to feed the packet to dummynet in the return direction, but not in the forward direction. In that case pf_pdesc_to_dnflow() should return false, rather than pass a pipe number of 0 to dummynet. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 52ee54cd90af..fd4031ac942c 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6743,7 +6743,7 @@ pf_pdesc_to_dnflow(int dir, const struct pf_pdesc *pd, if (dir != dndir && pd->act.dnrpipe) { dnflow->rule.info = pd->act.dnrpipe; } - else if (dir == dndir) { + else if (dir == dndir && pd->act.dnpipe) { dnflow->rule.info = pd->act.dnpipe; } else {