From d14eecdbbc4cc3413049b37a91314fc5eec4aef3 Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Wed, 6 Apr 2005 14:00:33 +0000
Subject: When a packet has been reinjected into ipfw(4) after dummynet(4)
 processing we have a non-NULL args.rule. If the same packet later is subject
 to "tee" rule, its original is sent again into ipfw_chk() and it reenters at
 the same rule. This leads to infinite loop and frozen router.

Assign args.rule to NULL, any time we are going to send packet back to
ipfw_chk() after a tee rule. This is a temporary workaround, which we
will leave for RELENG_5. In HEAD we are going to make divert(4) save
next rule the same way as dummynet(4) does.

PR:		kern/79546
Submitted by:	Oleg Bulyzhin
Reviewed by:	maxim, andre
MFC after:	3 days
---
 sys/netinet/ip_fw_pfil.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'sys/netinet/ip_fw_pfil.c')

diff --git a/sys/netinet/ip_fw_pfil.c b/sys/netinet/ip_fw_pfil.c
index 0103d8c..10a01ea 100644
--- a/sys/netinet/ip_fw_pfil.c
+++ b/sys/netinet/ip_fw_pfil.c
@@ -168,8 +168,10 @@ again:
 		if (divert) {
 			*m0 = NULL;
 			return 0;	/* packet consumed */
-		} else
+		} else {
+			args.rule = NULL;
 			goto again;	/* continue with packet */
+		}
 
 	case IP_FW_NGTEE:
 		if (!NG_IPFW_LOADED)
@@ -291,8 +293,10 @@ again:
 		if (divert) {
 			*m0 = NULL;
 			return 0;	/* packet consumed */
-		} else
+		} else {
+			args.rule = NULL;
 			goto again;	/* continue with packet */
+		}
 
 	case IP_FW_NGTEE:
 		if (!NG_IPFW_LOADED)
-- 
cgit v1.1