git: 76e1ec4e10fa - stable/12 - pf: fix panic on deferred packets
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 28 Jan 2023 01:39:20 UTC
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=76e1ec4e10fa9a85bb8090cdf61e54c7a19508ee
commit 76e1ec4e10fa9a85bb8090cdf61e54c7a19508ee
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-01-13 03:34:20 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-01-27 03:16:43 +0000
pf: fix panic on deferred packets
The pfsync_defer_tmo() callout needs to set the correct vnet before it
can transmit packets. It used the rcvif in the mbuf to get this vnet,
but that doesn't work for locally originated traffic. In that case the
rcvif pointer is NULL, and the dereference leads to a panic.
Instead use the sc_sync_if, which is always set (if pfsync is enabled,
at least).
PR: 268246
MFC after: 2 weeks
(cherry picked from commit fd02192c3acaefeb62db11e0c10ab36240b79ba2)
---
sys/netpfil/pf/if_pfsync.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 88e0831e82de..eeaed225bdb1 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1823,7 +1823,10 @@ pfsync_defer_tmo(void *arg)
PFSYNC_BUCKET_LOCK_ASSERT(b);
- CURVNET_SET(m->m_pkthdr.rcvif->if_vnet);
+ if (sc->sc_sync_if == NULL)
+ return;
+
+ CURVNET_SET(sc->sc_sync_if->if_vnet);
TAILQ_REMOVE(&b->b_deferrals, pd, pd_entry);
b->b_deferred--;