git: 7fe0c3f8d330 - main - mbuf: PACKET_TAG_PF should not be persistent
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 28 Oct 2021 08:50:39 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=7fe0c3f8d3303b67e55e3abcd66cbd4a9eaa1a0d
commit 7fe0c3f8d3303b67e55e3abcd66cbd4a9eaa1a0d
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-10-26 07:51:33 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-10-28 08:41:17 +0000
mbuf: PACKET_TAG_PF should not be persistent
We should clear firewall tags on loopback, icmp reflection, or if_epair
transmission. Left over tags can produce unexpected behaviour,
especially on if_epair where a and b interfaces can be in different
vnets, and have different firewall policies set.
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32664
---
sys/sys/mbuf.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h
index 9c196f30b319..413854cc9a57 100644
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@@ -1351,7 +1351,7 @@ extern bool mb_use_ext_pgs; /* Use ext_pgs for sendfile */
#define PACKET_TAG_DIVERT 17 /* divert info */
#define PACKET_TAG_IPFORWARD 18 /* ipforward info */
#define PACKET_TAG_MACLABEL (19 | MTAG_PERSISTENT) /* MAC label */
-#define PACKET_TAG_PF (21 | MTAG_PERSISTENT) /* PF/ALTQ information */
+#define PACKET_TAG_PF 21 /* PF/ALTQ information */
#define PACKET_TAG_RTSOCKFAM 25 /* rtsock sa family */
#define PACKET_TAG_IPOPTIONS 27 /* Saved IP options */
#define PACKET_TAG_CARP 28 /* CARP info */