The following reply was made to PR kern/164402; it has been noted by GNATS.
From: Gleb Smirnoff <[email protected]> To: "Eugene M. Zheganin" <[email protected]> Cc: [email protected] Subject: kern/164402: [pf] pf crashes with a particular set of rules when first matching packet arrives Date: Sun, 15 Apr 2012 15:07:56 +0400 Hi, I have a vague suspicion on what is happening. Your description of the problem looks like if a packet processing in the kernel has entered an endless loop. Looking at pf_route() I see such possibility. From OpenBSD we have this protection against endless looping: if ((*m)->m_pkthdr.pf.routed++ > 3) { m0 = *m; *m = NULL; goto bad; } In our code this transforms to: if (pd->pf_mtag->routed++ > 3) { m0 = *m; *m = NULL; goto bad; } The root difference between storing the tag on mbuf and on pfdesc is that we lose pfdesc, and thus the tag, when we enter pf_test() recursively. And pf_route() does this recursion: if (oifp != ifp) { if (pf_test(PF_OUT, ifp, &m0, NULL) != PF_PASS) { goto bad; .... -- Totus tuus, Glebius. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
