git: 2036a3a8a168 - stable/13 - mbuf: PACKET_TAG_PF should not be persistent
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 19 Nov 2021 06:39:20 UTC
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=2036a3a8a16832974b529d601a124ac52dfeb7d1
commit 2036a3a8a16832974b529d601a124ac52dfeb7d1
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-10-26 07:51:33 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-19 05:51:58 +0000
mbuf: PACKET_TAG_PF should not be persistent
We should clear firewall tags on loopback, icmp reflection, or if_epair
transmission. Left over tags can produce unexpected behaviour,
especially on if_epair where a and b interfaces can be in different
vnets, and have different firewall policies set.
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32664
(cherry picked from commit 7fe0c3f8d3303b67e55e3abcd66cbd4a9eaa1a0d)
---
sys/sys/mbuf.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h
index 9f84d0758bc6..2182a6c7679c 100644
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@@ -1327,7 +1327,7 @@ extern bool mb_use_ext_pgs; /* Use ext_pgs for sendfile */
#define PACKET_TAG_DIVERT 17 /* divert info */
#define PACKET_TAG_IPFORWARD 18 /* ipforward info */
#define PACKET_TAG_MACLABEL (19 | MTAG_PERSISTENT) /* MAC label */
-#define PACKET_TAG_PF (21 | MTAG_PERSISTENT) /* PF/ALTQ information */
+#define PACKET_TAG_PF 21 /* PF/ALTQ information */
#define PACKET_TAG_RTSOCKFAM 25 /* rtsock sa family */
#define PACKET_TAG_IPOPTIONS 27 /* Saved IP options */
#define PACKET_TAG_CARP 28 /* CARP info */