Date: Wed, 08 Feb 2023 06:08:06 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 268246] crash and panic using pfsync on 13.1-RELEASE Message-ID: <bug-268246-7501-0tmONFF7MK@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-268246-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-268246-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246 --- Comment #67 from Kristof Provost <kp@freebsd.org> --- That destination address is a bit odd... Do you have IPv6 traffic? pfsync always uses ip_output() for deferred traffic, which might perhaps explain the panic if we're shoving IPv6 packets through that. So let's try to skip IPv6 for now: diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 47c3217f399c..a9e6988ff7af 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -2345,6 +2345,15 @@ pfsyncintr(void *arg) n = m->m_nextpkt; m->m_nextpkt = NULL; + { + struct ip *ip = mtod(m, struct ip *); + if (ip->ip_v != IPVERSION) { + printf("%s() skipping !IPv4 traffic\n", __func__); + m_freem(m); + continue; + } + } + /* * We distinguish between a deferral packet and our * own pfsync packet based on M_SKIP_FIREWALL Obviously that's not a fix, but if that stops the panic at least we'll know and we can work on a real fix later. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268246-7501-0tmONFF7MK>