git: 8edf0b52c407 - stable/13 - pf: fix panic on deferred packets

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=8edf0b52c40762d64b3d4318235b58ae5d4eff58

commit 8edf0b52c40762d64b3d4318235b58ae5d4eff58
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-01-13 03:34:20 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-01-28 01:34:38 +0000

    pf: fix panic on deferred packets
    
    The pfsync_defer_tmo() callout needs to set the correct vnet before it
    can transmit packets. It used the rcvif in the mbuf to get this vnet,
    but that doesn't work for locally originated traffic. In that case the
    rcvif pointer is NULL, and the dereference leads to a panic.
    
    Instead use the sc_sync_if, which is always set (if pfsync is enabled,
    at least).
    
    PR:             268246
    MFC after:      2 weeks
    
    (cherry picked from commit fd02192c3acaefeb62db11e0c10ab36240b79ba2)
---
 sys/netpfil/pf/if_pfsync.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 33e06eb4c79f..47c3217f399c 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1822,8 +1822,11 @@ pfsync_defer_tmo(void *arg)
 
 	PFSYNC_BUCKET_LOCK_ASSERT(b);
 
+	if (sc->sc_sync_if == NULL)
+		return;
+
 	NET_EPOCH_ENTER(et);
-	CURVNET_SET(m->m_pkthdr.rcvif->if_vnet);
+	CURVNET_SET(sc->sc_sync_if->if_vnet);
 
 	TAILQ_REMOVE(&b->b_deferrals, pd, pd_entry);
 	b->b_deferred--;