On Fri, Dec 16, 2022 at 05:36:04PM +0000, K R wrote:
> ddb> show panic
> *cpuO: kernel diagnostic assertion "inp->inp_laddr.s_addr ==
> INADDR_ANY || inp->inp_lport" failed: file
> "/usr/src/sys/netinet/in_pcb.c", line 510

This has been fixed in errata and syspatch.

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/013_tcp.patch.sig

> pass in quick log (all) inet6 proto { tcp, udp } to (egress) divert-to
> ::1 port 9000
> pass in quick log (all) inet proto { tcp, udp } to (egress) divert-to
> 127.0.0.1 port 9000

pf divert-to rules that match destination port 0 trigger the bug.
Like in your case, where the port is not specified.

pass in quick log (all) inet6 proto { tcp, udp } to (egress) port != 0 divert-to ::1 port 9000
pass in quick log (all) inet proto { tcp, udp } to (egress) port != 0 divert-to 127.0.0.1 port 9000

These rules with destination port not zero would be safe.

bluhm
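
An added example, not part of the original message or of OpenBSD's code: a heuristic Python check that lists the divert-to rules in a pf.conf that carry no destination port clause, the rule shape the reply above identifies as matching port 0. The sample ruleset is constructed from the rules quoted in the message, the function names are hypothetical, and the check only tests for the presence of a destination `port` clause; it does not expand macros or evaluate the port expression.

```python
# Constructed sample pf.conf: rules 1 and 3 are the ones quoted in the message,
# line 4 is the suggested safe form, line 5 is a made-up unrelated rule.
SAMPLE_PF_CONF = """\
pass in quick log (all) inet6 proto { tcp, udp } to (egress) divert-to \\
    ::1 port 9000
pass in quick log (all) inet proto { tcp, udp } to (egress) divert-to 127.0.0.1 port 9000
pass in quick log (all) inet proto { tcp, udp } to (egress) port != 0 divert-to 127.0.0.1 port 9000
pass in on egress proto tcp from any port 1024:65535 to any  # unrelated rule
"""


def logical_lines(text):
    """Yield (first_line_number, rule): comments stripped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", None


def divert_rules_without_dst_port(text):
    """Return (line_number, rule) for divert-to rules lacking a destination port clause."""
    findings = []
    for no, rule in logical_lines(text):
        tokens = rule.split()
        if "divert-to" not in tokens:
            continue
        # Only the match criteria before "divert-to" count; the port after it
        # is the local divert socket, not a packet filter criterion.
        match_part = tokens[:tokens.index("divert-to")]
        # Destination criteria follow "to"; a source port ("from any port 80") does not count.
        dst = match_part[match_part.index("to") + 1:] if "to" in match_part else []
        if "port" not in dst:
            findings.append((no, rule))
    return findings


if __name__ == "__main__":
    for no, rule in divert_rules_without_dst_port(SAMPLE_PF_CONF):
        print(f"line {no}: divert-to rule without destination port: {rule}")
```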