Always return PF_PASS for packets processed by dummynet, even if dumm…

…ynet drop the packet. While it even works for forwarded packets it will close the connection for a local bound sockets. Ticket #7050
pfsense · Jan 8, 2017 · 4c908ee · 4c908ee
1 parent 994e779
commit 4c908ee
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
@@ -6442,7 +6442,8 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 		/* XXX: ipfw has the same behaviour! */
 		action = PF_DROP;
 		REASON_SET(&reason, PFRES_MEMORY);
-	} else if ((pd.act.dnpipe || pd.act.pdnpipe) && !PACKET_LOOPED(&pd)) {
+	} else if (action == PF_PASS &&
+	    (pd.act.dnpipe || pd.act.pdnpipe) && !PACKET_LOOPED(&pd)) {
 		if (dir != r->direction && pd.act.pdnpipe) {
 			dnflow.rule.info = pd.act.pdnpipe;
 		} else if (dir == r->direction) {
@@ -6478,9 +6479,7 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp)
 		if (s != NULL && s->nat_rule.ptr)
 			PACKET_UNDO_NAT(m, &pd, off, s, dir);
 
-		if (ip_dn_io_ptr(m0, (dir == PF_IN) ? DIR_IN : DIR_OUT,
-		    &dnflow) != 0)
-			action = PF_DROP;
+		ip_dn_io_ptr(m0, (dir == PF_IN) ? DIR_IN : DIR_OUT, &dnflow);
 		if (*m0 == NULL) {
 			if (s)
 				PF_STATE_UNLOCK(s);