kern/164402: [pf] pf crashes with a particular set of rules when
first matching packet arrives
Ermal Luçi
eri at freebsd.org
Tue Apr 17 19:21:28 UTC 2012
2012/4/17 Gleb Smirnoff <glebius at freebsd.org>:
> On Tue, Apr 17, 2012 at 12:46:08PM +0400, Gleb Smirnoff wrote:
> T> We can make the assignment like:
> T>
> T> if (ifp->if_flags & IFF_LOOPBACK)
> T> m->m_flags |= M_SKIP_FIREWALL;
>
> I've tested this plus MTAG_PERSISTENT on pf tags, and it looks like this
> works.
>
> At least for the "fastroute" case, which was defnitely not working before.
>
fastroute has been never of any good use if you asked me.
Though you can test reply-to quite easily the same you do with fastroute.
This fix should fix another tickets which reported massive storms of icmp
on lo0 as well. I have to find out the PR# though to merge it with this.
> --
> Totus tuus, Glebius.
--
Ermal
More information about the freebsd-pf
mailing list