Date: Wed, 15 Feb 2023 20:41:52 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 268246] crash and panic using pfsync on 13.1-RELEASE Message-ID: <bug-268246-7501-HqmlVTIiHr@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-268246-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-268246-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268246 --- Comment #84 from Kristof Provost <kp@freebsd.org> --- Ah, that's the same issue, but in the tmo function now. Try this: diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 47c3217f399c..fd5be82367aa 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -102,6 +102,9 @@ __FBSDID("$FreeBSD$"); #include <netinet/tcp_fsm.h> #include <netinet/tcp_seq.h> +#include <netinet/ip6.h> +#include <netinet6/ip6_var.h> + #define PFSYNC_MINPKT ( \ sizeof(struct ip) + \ sizeof(struct pfsync_header) + \ @@ -1819,6 +1822,7 @@ pfsync_defer_tmo(void *arg) struct mbuf *m =3D pd->pd_m; struct pf_kstate *st =3D pd->pd_st; struct pfsync_bucket *b =3D pfsync_get_bucket(sc, st); + struct ip *ip; PFSYNC_BUCKET_LOCK_ASSERT(b); @@ -1833,9 +1837,14 @@ pfsync_defer_tmo(void *arg) pd->pd_st->state_flags &=3D ~PFSTATE_ACK; /* XXX: locking! */ if (pd->pd_refs =3D=3D 0) free(pd, M_PFSYNC); - PFSYNC_BUCKET_UNLOCK(b); + PFSYNC_BUCKET_UNLOCK(b); - ip_output(m, NULL, NULL, 0, NULL, NULL); + ip =3D mtod(m, struct ip *); + + if (ip->ip_v =3D=3D IPVERSION) + ip_output(m, NULL, NULL, 0, NULL, NULL); + else + ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL); pf_release_state(st); @@ -2325,7 +2334,8 @@ pfsyncintr(void *arg) struct pfsync_softc *sc =3D arg; struct pfsync_bucket *b; struct mbuf *m, *n; - int c; + struct ip *ip; + int c, error; NET_EPOCH_ENTER(et); CURVNET_SET(sc->sc_ifp->if_vnet); @@ -2345,15 +2355,26 @@ pfsyncintr(void *arg) n =3D m->m_nextpkt; m->m_nextpkt =3D NULL; + ip =3D mtod(m, struct ip *); + /* * We distinguish between a deferral packet and our * own pfsync packet based on M_SKIP_FIREWALL * flag. This is XXX. */ - if (m->m_flags & M_SKIP_FIREWALL) - ip_output(m, NULL, NULL, 0, NULL, NULL); - else if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, - NULL) =3D=3D 0) + if (m->m_flags & M_SKIP_FIREWALL) { + if (ip->ip_v =3D=3D IPVERSION) + error =3D ip_output(m, NULL, NULL, = 0, NULL, NULL); + else + error =3D ip6_output(m, NULL, NULL,= 0, NULL, NULL, NULL); + } else { + if (ip->ip_v =3D=3D IPVERSION) + error =3D ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo, + NULL); + else + error =3D ENOTSUP; // When we add pfsync over IPv6 + } + if (error =3D=3D 0) V_pfsyncstats.pfsyncs_opackets++; else V_pfsyncstats.pfsyncs_oerrors++; --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268246-7501-HqmlVTIiHr>