Date: Thu, 12 May 2022 19:58:17 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 009e8f0a1099 - main - pf: fix pf_rule_to_actions() Message-ID: <202205121958.24CJwHuM075658@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=009e8f0a109999a1978ac77b390f4ac5a6ae59a3 commit 009e8f0a109999a1978ac77b390f4ac5a6ae59a3 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-05-11 16:51:21 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-05-12 19:50:10 +0000 pf: fix pf_rule_to_actions() If we already had a pipe set in the actions struct we need to take care to clear the flag if we're overwriting it with a queue. This can happen if we've got Ethernet rules setting a dummynet pipe. It does this indirectly, by adding the dummynet information to a pf_mtag associated with the mbuf. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index bd9334982be9..5b3bc719ecb6 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3582,8 +3582,12 @@ pf_rule_to_actions(struct pf_krule *r, struct pf_rule_actions *a) a->dnpipe = r->dnpipe; if (r->dnrpipe) a->dnrpipe = r->dnrpipe; - if (r->free_flags & PFRULE_DN_IS_PIPE) - a->flags |= PFRULE_DN_IS_PIPE; + if (r->dnpipe || r->dnrpipe) { + if (r->free_flags & PFRULE_DN_IS_PIPE) + a->flags |= PFRULE_DN_IS_PIPE; + else + a->flags &= ~PFRULE_DN_IS_PIPE; + } } int
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202205121958.24CJwHuM075658>