From: Ermal Luçi Date: Tue, 13 Oct 2009 20:01:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r198047 - user/eri/pf45/head/sys/contrib/pf/net X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Oct 2009 20:01:37 -0000 Author: eri Date: Tue Oct 13 20:01:37 2009 New Revision: 198047 URL: http://svn.freebsd.org/changeset/base/198047 Log: Prevent pf(4) from handling ipfw(4) tagged packets. This is based on the following assumption that ipfw puts the rule number in the divert cookie while pf itself just puts zero. Should the same check be done in ipfw(4) divert!? Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c Modified: user/eri/pf45/head/sys/contrib/pf/net/pf.c ============================================================================== --- user/eri/pf45/head/sys/contrib/pf/net/pf.c Tue Oct 13 19:51:31 2009 (r198046) +++ user/eri/pf45/head/sys/contrib/pf/net/pf.c Tue Oct 13 20:01:37 2009 (r198047) @@ -6487,8 +6487,16 @@ pf_test(int dir, struct ifnet *ifp, stru #ifdef __FreeBSD__ if (ip_divert_ptr != NULL && ((dvtag = m_tag_find(m, PACKET_TAG_DIVERT, NULL)) != NULL)) { - pd.pf_mtag->flags |= PF_TAG_DIVERTED; - m_tag_delete(m, dvtag); + /* + * Ipfw puts the rule number in the divert cookie + * while pf itself just puts zero. + * Use this fact to detect if this is pf created divert tag + * or ipfw one. + */ + if (!divert_cookie(dvtag)) { + pd.pf_mtag->flags |= PF_TAG_DIVERTED; + m_tag_delete(m, dvtag); + } } else #endif /* We do IP header normalization and packet reassembly here */
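Review bot: In the pf_test() hunk, the new `if (!divert_cookie(dvtag))` is nested inside the outer tag-found test, so the trailing `} else` still pairs with the outer `if`. A packet carrying an ipfw divert tag (non-zero cookie) therefore skips both the PF_TAG_DIVERTED marking and the else branch that the context comment describes as IP header normalization and packet reassembly. If the intent is for pf to process ipfw-tagged packets like untagged ones, fold the cookie test into the outer condition (`... != NULL && !divert_cookie(dvtag)`) so they fall through to the else path. Separately, the zero versus non-zero cookie test is, as the log message says, an assumption: an ipfw tag whose cookie happens to be zero would be taken for pf's own and deleted. The comment should say where that invariant is guaranteed, or the code should use a dedicated marker rather than overloading the cookie value.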