The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=009e8f0a109999a1978ac77b390f4ac5a6ae59a3
commit 009e8f0a109999a1978ac77b390f4ac5a6ae59a3 Author: Kristof Provost <[email protected]> AuthorDate: 2022-05-11 16:51:21 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2022-05-12 19:50:10 +0000 pf: fix pf_rule_to_actions() If we already had a pipe set in the actions struct we need to take care to clear the flag if we're overwriting it with a queue. This can happen if we've got Ethernet rules setting a dummynet pipe. It does this indirectly, by adding the dummynet information to a pf_mtag associated with the mbuf. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index bd9334982be9..5b3bc719ecb6 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3582,8 +3582,12 @@ pf_rule_to_actions(struct pf_krule *r, struct pf_rule_actions *a) a->dnpipe = r->dnpipe; if (r->dnrpipe) a->dnrpipe = r->dnrpipe; - if (r->free_flags & PFRULE_DN_IS_PIPE) - a->flags |= PFRULE_DN_IS_PIPE; + if (r->dnpipe || r->dnrpipe) { + if (r->free_flags & PFRULE_DN_IS_PIPE) + a->flags |= PFRULE_DN_IS_PIPE; + else + a->flags &= ~PFRULE_DN_IS_PIPE; + } } int
