From nobody Thu Nov 09 14:40:12 2023 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SR4P84rxfz4yw51 for ; Thu, 9 Nov 2023 14:40:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SR4P8344Wz3Qgp for ; Thu, 9 Nov 2023 14:40:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699540812; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2xJygMQWzuiue6DL5QLqMB3I/ZPC+Gty90oTO4W/GaM=; b=U0LZ1PxGZ9SMbScqI5aEBg6uSk2I4SYIFKQEQA/wfri33aw5f9YUjMde83nd+4Y9WD/DI9 BKtHeRqPtse5VguQuh9wk43vRyzPDZwLMhYY+YazN5QHsP0ozyTQGjqD5SdK+DvoTtlrSu q41JKIip+i9Jt+/A1X+R3pAPRYMpRbYcq6igdVQ2qrrrSS3mqkfsY0iCxBH4cE87YNva9U g3Nm0gWaxBd2xMID99F3Z+WxlDiOzTrmRy7lRjauJisFGsH7YC/1DfIiDF0UWhRiHvE11S GL1qlI5Tv4miSzpMMzv2yOjwjc0p2Fyj30vcLomj/d/2c2H0QLLsRWm49kSx4A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699540812; a=rsa-sha256; cv=none; b=QLiuW5o/F5ii+lmZYSJ2ftkCj0dww5QkpJxM1Xk8S8RQRDUOS8j+gUtaEHidh3Oog7YOwX mS6wedJU5FO6XIgMsvUTqT19T+MocNcsAAaNB7oGpDSavV0W49vR7jmYZ2teU6oOlBtKq/ MWYx+vGLFLX6nG5XR9tkybztoBt7E7K6z/aqNJ3dH+okldF99S73kdhY8LqMgy/lpvCQn8 +91keK+bu0xEXfQaEfUob7DNhKj1ViQDOvm8JXweSxeYELruLTxOFGH7wlKfLnMJUPobTm V3M8FKRrrdWUU+9X3Ug48zUBdFimr+zCreHGrU6h9LEhlBWQzsRzU5eJYU0HMg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SR4P827Kgz4cN for ; Thu, 9 Nov 2023 14:40:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3A9EeCkO036915 for ; Thu, 9 Nov 2023 14:40:12 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3A9EeCvJ036913 for pf@FreeBSD.org; Thu, 9 Nov 2023 14:40:12 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 272770] "divert-to" rule creates packet loops on all FreeBSD 11.0 to 14.0 CURRENT versions Date: Thu, 09 Nov 2023 14:40:12 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272770 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D2f3f9c9d54bb274dfb5de40f4ce7ca944= d4e05a5 commit 2f3f9c9d54bb274dfb5de40f4ce7ca944d4e05a5 Author: Igor Ostapenko AuthorDate: 2023-10-19 10:12:15 +0000 Commit: Kristof Provost CommitDate: 2023-11-09 09:55:45 +0000 pf: fix pf divert-to loop Resolved conflict between ipfw and pf if both are used and pf wants to do divert(4) by having separate mtags for pf and ipfw. Also fix the incorrect 'rulenum' check, which caused the reported loop. While here add a few test cases to ensure that divert-to works as expected, even if ipfw is loaded. divert(4) PR: 272770 MFC after: 3 weeks Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D42142 (cherry picked from commit fabf705f4b5aff2fa2dc997c2d0afd62a6927e68) sys/netinet/ip_divert.c | 31 ++- sys/netinet/ip_var.h | 10 + sys/netpfil/pf/pf.c | 32 ++- tests/sys/netpfil/pf/Makefile | 4 + tests/sys/netpfil/pf/divapp.c (new) | 149 ++++++++++++ tests/sys/netpfil/pf/divert-to.sh (new) | 413 ++++++++++++++++++++++++++++= ++++ 6 files changed, 625 insertions(+), 14 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=