[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-pf
Subject:    [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simu
From:       bugzilla-noreply () freebsd ! org
Date:       2023-11-20 13:05:30
Message-ID: bug-274850-16861-NaIS2s7V5c () https ! bugs ! freebsd ! org/bugzilla/
[Download RAW message or body]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

--- Comment #5 from commit-hook@FreeBSD.org ---
A commit in branch stable/14 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=f831517d862dac2df3110c569b44e8417c3f0afa

commit f831517d862dac2df3110c569b44e8417c3f0afa
Author:     Igor Ostapenko <pm@igoro.pro>
AuthorDate: 2023-11-17 16:04:01 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-11-20 10:30:19 +0000

    pf: fix dummynet + ipdivert use case

    Dummynet re-injects an mbuf with MTAG_IPFW_RULE added, and the same mtag
    is used by divert(4) as parameters for packet diversion.

    If according to pf rule set a packet should go through dummynet first
    and through ipdivert after then mentioned mtag must be removed after
    dummynet not to make ipdivert think that this is its input parameters.

    At the very beginning ipfw consumes this mtag what means the same
    behavior with tag clearing after dummynet.

    And after fabf705f4b5a pf passes parameters to ipdivert using its
    personal MTAG_PF_DIVERT mtag.

    PR:             274850
    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D42609

    (cherry picked from commit fe3bb40b9e807d4010617de1ef040ba3aa623487)

 sys/netpfil/pf/pf.c               |  27 +++++++--
 tests/sys/netpfil/pf/divert-to.sh | 118 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 139 insertions(+), 6 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
[prev in list] [next in list] [prev in thread] [next in thread]