[Bug 268246] crash and panic using pfsync on 13.1-RELEASE
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 Feb 2023 06:08:06 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246 --- Comment #67 from Kristof Provost <kp@freebsd.org> --- That destination address is a bit odd... Do you have IPv6 traffic? pfsync always uses ip_output() for deferred traffic, which might perhaps explain the panic if we're shoving IPv6 packets through that. So let's try to skip IPv6 for now: diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 47c3217f399c..a9e6988ff7af 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -2345,6 +2345,15 @@ pfsyncintr(void *arg) n = m->m_nextpkt; m->m_nextpkt = NULL; + { + struct ip *ip = mtod(m, struct ip *); + if (ip->ip_v != IPVERSION) { + printf("%s() skipping !IPv4 traffic\n", __func__); + m_freem(m); + continue; + } + } + /* * We distinguish between a deferral packet and our * own pfsync packet based on M_SKIP_FIREWALL Obviously that's not a fix, but if that stops the panic at least we'll know and we can work on a real fix later. -- You are receiving this mail because: You are the assignee for the bug.