[Bug 272770] "divert-to" rule creates packet loops on all FreeBSD 11.0 to 14.0 CURRENT versions
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 19 Oct 2023 12:37:44 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770
--- Comment #2 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=fabf705f4b5aff2fa2dc997c2d0afd62a6927e68
commit fabf705f4b5aff2fa2dc997c2d0afd62a6927e68
Author: Igor Ostapenko <pm@igoro.pro>
AuthorDate: 2023-10-19 10:12:15 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-10-19 10:12:15 +0000
pf: fix pf divert-to loop
Resolved conflict between ipfw and pf if both are used and pf wants to
do divert(4) by having separate mtags for pf and ipfw.
Also fix the incorrect 'rulenum' check, which caused the reported loop.
While here add a few test cases to ensure that divert-to works as
expected, even if ipfw is loaded.
divert(4)
PR: 272770
MFC after: 3 weeks
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D42142
sys/netinet/ip_divert.c | 31 ++-
sys/netinet/ip_var.h | 10 +
sys/netpfil/pf/pf.c | 32 ++-
tests/sys/netpfil/pf/Makefile | 4 +
tests/sys/netpfil/pf/divapp.c (new) | 149 ++++++++++++
tests/sys/netpfil/pf/divert-to.sh (new) | 413 ++++++++++++++++++++++++++++++++
6 files changed, 625 insertions(+), 14 deletions(-)
--
You are receiving this mail because:
You are the assignee for the bug.