From nobody Mon Nov 20 13:05:30 2023 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SYnmp6jS7z51GY6 for ; Mon, 20 Nov 2023 13:05:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SYnmp5ZDxz3dWs for ; Mon, 20 Nov 2023 13:05:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1700485530; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=C0SjG7vIPMjfJgX4Nh9Pg9L/1dtKS4UwfpGlDFyizjA=; b=KwAjNSfsLlC/P1LzaSKoAHz2zAH6vIQ88FxmfUE1Bq8LtuTO9FPAmy1/oMVWRL4bPtblSS X9c/5Td+/thmgj0LOnc/wej8lsoHwfIG3qDLbm4AqNn+UwGfAgPWwvN3Y4LsSfF5gDr0ap 6s/GrXXFkjbNSoz1Ci5oZgeMctNqk7Au7nEPad9HC/o7Tav3vnglpOE09mgjYv5VlQyjUq wRZjjlQMdZIE35p7Anc5a31NMIa43X28RIcdQmullKYhKO26rWS+WH0x64kMZEQRAwamFL GH6HGABzMokS3HSsnLRX2ym2Vi71OT+crAubo3iEQAeyByszcei2XZM8CR530A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1700485530; a=rsa-sha256; cv=none; b=h7+BVvDalpdaeT6D7PxNQfhcUBD5eKqxmpfObAkDBavaLriRJsPDkDgWiusV5WgWDGDjux R1a0j2lLP8/stTY+bcp6AJdZJNQDg7DB8V58iuGlKYEPeIasQ0SQE8QJWMBqdwden0FOHR j7EdNRMms+ZWjmLgfSRh3dJyFsHr2wIqGan2syh2VgfNaSDyLu9RKO0tnMNCafo4bELy+L 4NWjz8HC2/gnDAwH87JEForH5+6snzgVKL9IcGggPp9Oc61qujF5vomBW5aWF3HL4B5EvM TYQuPe1AaDTtcwLGnMaFYdYbeDrzBSEnWclzm/xLkw1v/CuvSqDXlcINismP3w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SYnmp4XtjztBy for ; Mon, 20 Nov 2023 13:05:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3AKD5Ut0095688 for ; Mon, 20 Nov 2023 13:05:30 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3AKD5UAm095687 for pf@FreeBSD.org; Mon, 20 Nov 2023 13:05:30 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously Date: Mon, 20 Nov 2023 13:05:30 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.0-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274850 --- Comment #5 from commit-hook@FreeBSD.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3Df831517d862dac2df3110c569b44e8417= c3f0afa commit f831517d862dac2df3110c569b44e8417c3f0afa Author: Igor Ostapenko AuthorDate: 2023-11-17 16:04:01 +0000 Commit: Kristof Provost CommitDate: 2023-11-20 10:30:19 +0000 pf: fix dummynet + ipdivert use case Dummynet re-injects an mbuf with MTAG_IPFW_RULE added, and the same mtag is used by divert(4) as parameters for packet diversion. If according to pf rule set a packet should go through dummynet first and through ipdivert after then mentioned mtag must be removed after dummynet not to make ipdivert think that this is its input parameters. At the very beginning ipfw consumes this mtag what means the same behavior with tag clearing after dummynet. And after fabf705f4b5a pf passes parameters to ipdivert using its personal MTAG_PF_DIVERT mtag. PR: 274850 Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D42609 (cherry picked from commit fe3bb40b9e807d4010617de1ef040ba3aa623487) sys/netpfil/pf/pf.c | 27 +++++++-- tests/sys/netpfil/pf/divert-to.sh | 118 ++++++++++++++++++++++++++++++++++= +++- 2 files changed, 139 insertions(+), 6 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=