diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2022-05-06 14:37:47 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2022-05-06 14:37:47 +0000 |
| commit | 9501fc936f3bc90d6159b4706f2728f6678848cd (patch) | |
| tree | 522ad253c7491b6aaed54fa1e2f96d2d06bab5ea | |
| parent | c530c80ef22eee3778e649add4920e83cc4b1af7 (diff) | |
| download | src-9501fc936f3bc90d6159b4706f2728f6678848cd.tar.gz src-9501fc936f3bc90d6159b4706f2728f6678848cd.zip | |
pf: dummynet fix
If we don't have a pipe set we shouldn't feed packets into dummynet.
This could occur if we have a 'dnpipe (0, 100)' configuration, for
example. We do want to feed the packet to dummynet in the return
direction, but not in the forward direction. In that case
pf_pdesc_to_dnflow() should return false, rather than pass a pipe number
of 0 to dummynet.
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sys/netpfil/pf/pf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 52ee54cd90af..fd4031ac942c 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6743,7 +6743,7 @@ pf_pdesc_to_dnflow(int dir, const struct pf_pdesc *pd, if (dir != dndir && pd->act.dnrpipe) { dnflow->rule.info = pd->act.dnrpipe; } - else if (dir == dndir) { + else if (dir == dndir && pd->act.dnpipe) { dnflow->rule.info = pd->act.dnpipe; } else { |