CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]  2026/04/21 00:38:28

Modified files:
        sys/net        : pf_if.c 

Log message:
PFI_FLAG_SKIP may be lost when interface disappears and then reappears

If 'set skip on ...' in pf.conf(5) refers to an interface (or interface group)
which is yet to be created in the system, then all is good.

However, if the interface (or interface group) exists in the system at the time
when pf.conf(5) is being loaded into pf(4), the effect of the skip flag might get
lost. The scenario for the tap0 interface goes as follows:

tap0 (and tap interface) exist in the system and are known to pf(4), meaning
'pfctl -sI' reports tap0 and tap.

pf.conf with 'set skip on tap' is loaded. pf(4) sets the flag on the
`kif` instance without obtaining a reference to keep it in the table
until the skip flag (PFI_FLAG_SKIP) is reset.

The tap0 interface is removed from the system (ifconfig tap0 destroy);
tap0 is removed from the system and the corresponding kif instance is also
removed from pf(4). The kif is forgotten together with its flag settings. If tap0
happens to be the last tap interface, then the tap interface group (including
its kif) is also removed from the system (and pf(4)).

Now tap0 is going to be re-created by running 'ifconfig tap0 up'. The
corresponding kif instances (the kif instance for the tap0 interface and the tap
interface group) are inserted into the interface table in pf(4) with default
interface flags, losing the 'set skip on tap...' setting found in pf.conf. To
work around this, one has to reload pf.conf so the interface flags are set again.

The issue has been noticed and kindly reported by
Atanas Vladimirov <vlado () bsdbg ! net>

OK bluhm@
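
Added example, not part of the commit or of the OpenBSD tree: a check an operator could run after an interface is re-created, to see whether an interface or group named in 'set skip on ...' is back in pf(4)'s table without its skip flag. It assumes 'pfctl -sI -v' prints one name per line and appends " (skip)" to flagged entries; the function names and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Assumption: 'pfctl -sI -v' prints one interface or group per line and
# appends " (skip)" to entries that carry the skip flag.

# Constructed sample: listing right after pf.conf with 'set skip on tap' loads.
SAMPLE_LOADED='all
egress
em0
lo
lo0
tap (skip)
tap0 (skip)'

# Constructed sample: listing after 'ifconfig tap0 destroy' and
# 'ifconfig tap0 up' on a kernel without this fix.
SAMPLE_RECREATED='all
egress
em0
lo
lo0
tap
tap0'

# skip_state NAME: read a listing on stdin and print one of
#   skip    NAME is listed with the skip flag
#   noskip  NAME is listed without it (the state the commit describes)
#   absent  NAME is not in pf(4)'s interface table
skip_state() {
    awk -v want="$1" '
        $1 == want { found = 1; if ($2 == "(skip)") skip = 1 }
        END { print (skip ? "skip" : (found ? "noskip" : "absent")) }
    '
}

# check_skip LISTING NAME...: print each NAME that is present in LISTING
# but no longer flagged, i.e. a name for which pf.conf must be reloaded.
check_skip() {
    listing=$1
    shift
    for name in "$@"; do
        state=$(printf '%s\n' "$listing" | skip_state "$name")
        if [ "$state" = noskip ]; then
            echo "$name"
        fi
    done
    return 0
}

# On a live system: check_skip "$(pfctl -sI -v)" tap tap0
check_skip "$SAMPLE_RECREATED" tap tap0
```

Any name it prints needs the workaround from the log message, a reload of pf.conf.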
