git: fd02192c3aca - main - pf: fix panic on deferred packets

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=fd02192c3acaefeb62db11e0c10ab36240b79ba2

commit fd02192c3acaefeb62db11e0c10ab36240b79ba2
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-01-13 03:34:20 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-01-13 19:41:25 +0000

    pf: fix panic on deferred packets
    
    The pfsync_defer_tmo() callout needs to set the correct vnet before it
    can transmit packets. It used the rcvif in the mbuf to get this vnet,
    but that doesn't work for locally originated traffic. In that case the
    rcvif pointer is NULL, and the dereference leads to a panic.
    
    Instead use the sc_sync_if, which is always set (if pfsync is enabled,
    at least).
    
    PR:             268246
    MFC after:      2 weeks
---
 sys/netpfil/pf/if_pfsync.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index a2baf477873e..61308a35a7e1 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1819,8 +1819,11 @@ pfsync_defer_tmo(void *arg)
 
 	PFSYNC_BUCKET_LOCK_ASSERT(b);
 
+	if (sc->sc_sync_if == NULL)
+		return;
+
 	NET_EPOCH_ENTER(et);
-	CURVNET_SET(m->m_pkthdr.rcvif->if_vnet);
+	CURVNET_SET(sc->sc_sync_if->if_vnet);
 
 	TAILQ_REMOVE(&b->b_deferrals, pd, pd_entry);
 	b->b_deferred--;