mirror of
https://git.FreeBSD.org/src.git
synced 2024-10-19 02:29:40 +00:00
When a packet has been reinjected into ipfw(4) after dummynet(4) processing
we have a non-NULL args.rule. If the same packet later is subject to "tee" rule, its original is sent again into ipfw_chk() and it reenters at the same rule. This leads to infinite loop and frozen router. Assign args.rule to NULL, any time we are going to send packet back to ipfw_chk() after a tee rule. This is a temporary workaround, which we will leave for RELENG_5. In HEAD we are going to make divert(4) save next rule the same way as dummynet(4) does. PR: kern/79546 Submitted by: Oleg Bulyzhin Reviewed by: maxim, andre MFC after: 3 days
This commit is contained in:
parent
bc1eb018c1
commit
8351d04f34
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=144712
@ -168,8 +168,10 @@ ipfw_check_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
|
||||
if (divert) {
|
||||
*m0 = NULL;
|
||||
return 0; /* packet consumed */
|
||||
} else
|
||||
} else {
|
||||
args.rule = NULL;
|
||||
goto again; /* continue with packet */
|
||||
}
|
||||
|
||||
case IP_FW_NGTEE:
|
||||
if (!NG_IPFW_LOADED)
|
||||
@ -291,8 +293,10 @@ ipfw_check_out(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
|
||||
if (divert) {
|
||||
*m0 = NULL;
|
||||
return 0; /* packet consumed */
|
||||
} else
|
||||
} else {
|
||||
args.rule = NULL;
|
||||
goto again; /* continue with packet */
|
||||
}
|
||||
|
||||
case IP_FW_NGTEE:
|
||||
if (!NG_IPFW_LOADED)
|
||||
|
Loading…
Reference in New Issue
Block a user