[Bug 268246] crash and panic using pfsync on 13.1-RELEASE
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 Feb 2023 06:08:06 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268246
--- Comment #67 from Kristof Provost <kp@freebsd.org> ---
That destination address is a bit odd... Do you have IPv6 traffic? pfsync
always uses ip_output() for deferred traffic, which might perhaps explain the
panic if we're shoving IPv6 packets through that.
So let's try to skip IPv6 for now:
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 47c3217f399c..a9e6988ff7af 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -2345,6 +2345,15 @@ pfsyncintr(void *arg)
n = m->m_nextpkt;
m->m_nextpkt = NULL;
+ {
+ struct ip *ip = mtod(m, struct ip *);
+ if (ip->ip_v != IPVERSION) {
+ printf("%s() skipping !IPv4 traffic\n",
__func__);
+ m_freem(m);
+ continue;
+ }
+ }
+
/*
* We distinguish between a deferral packet and our
* own pfsync packet based on M_SKIP_FIREWALL
Obviously that's not a fix, but if that stops the panic at least we'll know and
we can work on a real fix later.
--
You are receiving this mail because:
You are the assignee for the bug.