
pf: Allow non-ip traffic through eth dummynet rules without panicking
Closed, Public

Authored by linnemannr_gmail.com on May 23 2022, 10:44 PM.

Details

Reviewers
kp
Summary

Alter pf_test_eth_rule() to panic when setting up the dnflow for a packet only
if the protocol is unknown. As we are filtering ethernet, IP and IPv6 are not
the only encapsulated protocols that should be handled.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 45688
Build 42576: arc lint + arc unit

Event Timeline

Remove default case from address family switch in pf_test_eth_rule dummynet handling entirely

This revision is now accepted and ready to land. (May 24 2022, 8:55 AM)

This was committed already:

commit ba3b6b938db71a18a93cf88979af0e57136787bd
Author: Kristof Provost <kp@FreeBSD.org>
Date:   Fri Jul 1 13:13:20 2022 +0200

    pf: handle dummynet for non-IP packets

    Do not panic if we try to dummynet an Ethernet packet that's not IPv4 or
    IPv6. Simply give it to dummynet.

    Sponsored by:   Rubicon Communications, LLC ("Netgate")
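
The pattern the summary and commit message describe, dispatching on the encapsulated protocol without a default case that asserts, is shown below as an added example; it is not pf's code and is not taken from the commit. The names `classify_frame`, `struct flow_id` and `enum fam` are hypothetical stand-ins, and the frames it is run on are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; this is not pf's code or its data structures. */
enum fam { FAM_NONE = 0, FAM_INET = 4, FAM_INET6 = 6 };

struct flow_id {            /* stand-in for the descriptor handed to the shaper */
    enum fam family;
    uint16_t ether_type;    /* kept so non-IP frames can still be told apart */
    uint8_t  src[16], dst[16];
};

/*
 * Fill *id from a raw Ethernet frame. Returns 0 when the frame can be handed
 * to the shaper, -1 only when it is too short to parse. An unrecognised
 * EtherType is not an error: the switch has no default case, so the frame
 * goes on with family FAM_NONE and no addresses instead of hitting an
 * assertion on input the sender controls.
 */
int classify_frame(const uint8_t *f, size_t len, struct flow_id *id)
{
    size_t off = 12;                    /* EtherType follows the two MACs */
    memset(id, 0, sizeof(*id));
    if (len < 14) return -1;
    uint16_t et = (uint16_t)(f[off] << 8 | f[off + 1]);
    if (et == 0x8100) {                 /* 802.1Q tag: real type is 4 bytes on */
        if (len < 18) return -1;
        off += 4;
        et = (uint16_t)(f[off] << 8 | f[off + 1]);
    }
    off += 2;                           /* off now points at the payload */
    id->ether_type = et;
    switch (et) {
    case 0x0800:                        /* IPv4: addresses at header bytes 12..19 */
        if (len < off + 20) return -1;
        id->family = FAM_INET;
        memcpy(id->src, f + off + 12, 4);
        memcpy(id->dst, f + off + 16, 4);
        break;
    case 0x86dd:                        /* IPv6: addresses at header bytes 8..39 */
        if (len < off + 40) return -1;
        id->family = FAM_INET6;
        memcpy(id->src, f + off + 8, 16);
        memcpy(id->dst, f + off + 24, 16);
        break;
    }
    return 0;
}
```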