[Bug 268246] crash and panic using pfsync on 13.1-RELEASE

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 08 Feb 2023 06:08:06 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246

--- Comment #67 from Kristof Provost <kp@freebsd.org> ---
That destination address is a bit odd... Do you have IPv6 traffic? pfsync
always uses ip_output() for deferred traffic, which might perhaps explain the
panic if we're shoving IPv6 packets through that.

So let's try to skip IPv6 for now: 

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 47c3217f399c..a9e6988ff7af 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -2345,6 +2345,15 @@ pfsyncintr(void *arg)
                        n = m->m_nextpkt;
                        m->m_nextpkt = NULL;

+                       {
+                               struct ip *ip = mtod(m, struct ip *);
+                               if (ip->ip_v != IPVERSION) {
+                                       printf("%s() skipping !IPv4 traffic\n",
__func__);
+                                       m_freem(m);
+                                       continue;
+                               }
+                       }
+
                        /*
                         * We distinguish between a deferral packet and our
                         * own pfsync packet based on M_SKIP_FIREWALL

Obviously that's not a fix, but if that stops the panic at least we'll know and
we can work on a real fix later.

-- 
You are receiving this mail because:
You are the assignee for the bug.