when pf_route (and pf_route6) are supposed to handle forwarding the
packet (ie, for route-to or reply-to rules), they take the mbuf
away from the calling code path. this is done by clearing the mbuf
pointer in the pf_pdesc struct. it doesn't do this for dup-to rules
though.

at the moment pf_route clears that pointer on the way out, but it could
take the mbuf away up front in the same place that it already checks if
it's a dup-to rule or not.

it's a small change. i've bumped up the number of lines of context so
it's easier to read too.

ok?

Index: pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.1101
diff -u -p -r1.1101 pf.c
--- pf.c        19 Jan 2021 22:22:23 -0000      1.1101
+++ pf.c        27 Jan 2021 01:05:29 -0000
@@ -5988,6 +5988,7 @@ pf_route(struct pf_pdesc *pd, struct pf_
                if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir))
                        return;
                m0 = pd->m;
+               pd->m = NULL;
        }
 
        if (m0->m_len < sizeof(struct ip)) {
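Review bot: The added `pd->m = NULL;` after `m0 = pd->m;` is the point where pf_route takes ownership of the mbuf, and it should carry a comment saying so, for example `/* pf_route owns the mbuf from here on; the caller must not use pd->m */`. A caller that kept a stale `pd->m` after the packet was consumed would risk a use-after-free or double free, so the invariant is worth stating where it is established. Because the pointer is now cleared up front rather than at `done:`, any code between this line and `done:` that reads `pd->m` instead of `m0` would now see NULL. That part of the body lies outside the hunk and should be checked. The same comment and check apply to the matching hunk in pf_route6.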
@@ -6108,8 +6109,6 @@ pf_route(struct pf_pdesc *pd, struct pf_
                ipstat_inc(ips_fragmented);
 
 done:
-       if (r->rt != PF_DUPTO)
-               pd->m = NULL;
        rtfree(rt);
        return;
 
@@ -6146,6 +6145,7 @@ pf_route6(struct pf_pdesc *pd, struct pf
                if ((r->rt == PF_REPLYTO) == (r->direction == pd->dir))
                        return;
                m0 = pd->m;
+               pd->m = NULL;
        }
 
        if (m0->m_len < sizeof(struct ip6_hdr)) {
@@ -6237,8 +6237,6 @@ pf_route6(struct pf_pdesc *pd, struct pf
        }
 
 done:
-       if (r->rt != PF_DUPTO)
-               pd->m = NULL;
        rtfree(rt);
        return;
 
 
