
pf: Fix usage of pf tags with syncookies

Description

pf: Fix usage of pf tags with syncookies

The value stored in pf_mtag->tag comes from "tag" and "match tag"
keywords in pf.conf and must not be abused for storing other
information. A ruleset with enough tags could set or remove the bits
responsible for PF_TAG_SYNCOOKIE_RECREATED.

Move this syncookie status to pf_mtag->flags. Rename this and other
related constants in a way that will prevent such mistakes in the
future. Move PF_REASSEMBLED constant to mbuf.h and rename accordingly
because it's not a flag stored in pf_mtag, but an identifier of a
different m_tag. Change the value of the constant to avoid conflicts
with other m_tags using MTAG_ABI_COMPAT.

Rename the variables in pf_build_tcp() and pf_send_tcp() to reduce
confusion.

Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D40587
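
The collision described in the commit message, as an added example that is not code from the FreeBSD tree: a minimal C model in which a status bit shares the field that holds the rule tag id, compared with keeping that status in a separate flags field. The struct, the function names and the bit values (0x0080, 0x01) are constructed for illustration, and the model assumes tag ids are small integers that grow with the number of tags in the ruleset.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: names and values are illustrative, not FreeBSD's. */
#define DEMO_TAGBIT_RECREATED 0x0080u /* old: status bit overlaid on the tag id */
#define DEMO_FLAG_RECREATED   0x01u   /* new: status bit in its own flags field */

struct demo_mtag {
	uint16_t tag;   /* id assigned by "tag" / "match tag" rules */
	uint8_t  flags; /* per-packet status bits */
};

/* A rule with a tag keyword stores its tag id in the tag field. */
static void rule_set_tag(struct demo_mtag *m, uint16_t id) { m->tag = id; }

/* Old scheme: status lives inside the tag field. */
static void old_mark(struct demo_mtag *m) { m->tag |= DEMO_TAGBIT_RECREATED; }
static int old_check(const struct demo_mtag *m) { return (m->tag & DEMO_TAGBIT_RECREATED) != 0; }

/* New scheme: status lives in flags, tag holds only the rule tag id. */
static void new_mark(struct demo_mtag *m) { m->flags |= DEMO_FLAG_RECREATED; }
static int new_check(const struct demo_mtag *m) { return (m->flags & DEMO_FLAG_RECREATED) != 0; }

/* Count tag ids in 1..max_id that make an unmarked packet look "recreated". */
static unsigned false_positives(unsigned max_id, int use_new)
{
	unsigned n = 0;
	for (unsigned id = 1; id <= max_id; id++) {
		struct demo_mtag m = { 0, 0 };
		rule_set_tag(&m, (uint16_t)id);
		n += use_new ? new_check(&m) : old_check(&m);
	}
	return n;
}

/* Mark the packet, then let a rule tag it: does the status survive? */
static int status_survives(uint16_t id, int use_new)
{
	struct demo_mtag m = { 0, 0 };
	if (use_new) new_mark(&m); else old_mark(&m);
	rule_set_tag(&m, id);
	return use_new ? new_check(&m) : old_check(&m);
}

int main(void)
{
	printf("old: %u false positives, new: %u\n", false_positives(255, 0), false_positives(255, 1));
	printf("status after tag id 5: old=%d new=%d\n", status_survives(5, 0), status_survives(5, 1));
	return 0;
}
```

In this model the old scheme is only safe while every tag id stays below the overlaid bit; the separate flags field removes that dependency on ruleset size.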

Details

Provenance
vegeta_tuxpowered.net Authored on Jun 19 2023, 8:21 AM
kp Committed on Jun 19 2023, 10:03 AM
Reviewer
kp
Differential Revision
D40587: pf: Fix usage of pf tags with syncookies
Parents
rGba94bf2880b8: pf: extend use of skip steps for Ethernet rules