git: 9501fc936f3b - main - pf: dummynet fix
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 May 2022 15:42:16 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=9501fc936f3bc90d6159b4706f2728f6678848cd
commit 9501fc936f3bc90d6159b4706f2728f6678848cd
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-05-06 14:37:47 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-05-06 14:37:47 +0000
pf: dummynet fix
If we don't have a pipe set we shouldn't feed packets into dummynet.
This could occur if we have a 'dnpipe (0, 100)' configuration, for
example. We do want to feed the packet to dummynet in the return
direction, but not in the forward direction. In that case
pf_pdesc_to_dnflow() should return false, rather than pass a pipe number
of 0 to dummynet.
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 52ee54cd90af..fd4031ac942c 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6743,7 +6743,7 @@ pf_pdesc_to_dnflow(int dir, const struct pf_pdesc *pd,
if (dir != dndir && pd->act.dnrpipe) {
dnflow->rule.info = pd->act.dnrpipe;
}
- else if (dir == dndir) {
+ else if (dir == dndir && pd->act.dnpipe) {
dnflow->rule.info = pd->act.dnpipe;
}
else {