[Bug 272770] "divert-to" rule creates packet loops on all FreeBSD 11.0 to 14.0 CURRENT versions

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

Alfa <bura...@outlook.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |bura...@outlook.com,
| |p...@FreeBSD.org

--
You are receiving this mail because:
You are on the CC list for the bug.

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

Mark Linimon <lin...@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|bu...@FreeBSD.org |p...@FreeBSD.org
See Also| |https://bugs.freebsd.org/bu
| |gzilla/show_bug.cgi?id=2608
| |67
CC|p...@FreeBSD.org |

--
You are receiving this mail because:

You are the assignee for the bug.

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

Igor Ostapenko <igor.os...@pm.me> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |igor.os...@pm.me

--- Comment #1 from Igor Ostapenko <igor.os...@pm.me> ---
Could you please provide a bit more details of your use case you want to
achieve? What is the idea behind your divert app, does it alter incoming
packets, is forwarding involved here, etc -- anything would help.

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

--- Comment #2 from commi...@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=fabf705f4b5aff2fa2dc997c2d0afd62a6927e68

commit fabf705f4b5aff2fa2dc997c2d0afd62a6927e68
Author: Igor Ostapenko <p...@igoro.pro>
AuthorDate: 2023-10-19 10:12:15 +0000
Commit: Kristof Provost <k...@FreeBSD.org>
CommitDate: 2023-10-19 10:12:15 +0000

pf: fix pf divert-to loop

Resolved conflict between ipfw and pf if both are used and pf wants to
do divert(4) by having separate mtags for pf and ipfw.

Also fix the incorrect 'rulenum' check, which caused the reported loop.

While here add a few test cases to ensure that divert-to works as
expected, even if ipfw is loaded.

divert(4)
PR: 272770
MFC after: 3 weeks
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D42142

sys/netinet/ip_divert.c | 31 ++-
sys/netinet/ip_var.h | 10 +
sys/netpfil/pf/pf.c | 32 ++-
tests/sys/netpfil/pf/Makefile | 4 +
tests/sys/netpfil/pf/divapp.c (new) | 149 ++++++++++++
tests/sys/netpfil/pf/divert-to.sh (new) | 413 ++++++++++++++++++++++++++++++++
6 files changed, 625 insertions(+), 14 deletions(-)

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

cArleone <32car...@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |32car...@gmail.com

--- Comment #3 from cArleone <32car...@gmail.com> ---
Hello,

I did the tests on Freebsd 15 Current, it works. It no longer enters an
infinite loop. Thanks.
Will this commit be backported to Freebsd 14 RELEASE?

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

--- Comment #4 from Kristof Provost <k...@freebsd.org> ---
(In reply to cArleone from comment #3)
It'll get merged to stable/14, but it's too late for 14.0.

[bugzilla...@freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272770

Alfa <bura...@outlook.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugs.freebsd.org/bu
| |gzilla/show_bug.cgi?id=2748
| |50