pf: fix pf_rule_to_actions()

If we already had a pipe set in the actions struct we need to take care to clear the flag if we're overwriting it with a queue. This can happen if we've got Ethernet rules setting a dummynet pipe. It does this indirectly, by adding the dummynet information to a pf_mtag associated with the mbuf. Redmine: 13148 Sponsored by: Rubicon Communications, LLC ("Netgate")
pfsense · May 11, 2022 · faf3efc · faf3efc
1 parent f4c27ac
commit faf3efc
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
@@ -3564,8 +3564,12 @@ pf_rule_to_actions(struct pf_krule *r, struct pf_rule_actions *a)
 		a->dnpipe = r->dnpipe;
 	if (r->dnrpipe)
 		a->dnrpipe = r->dnrpipe;
-	if (r->free_flags & PFRULE_DN_IS_PIPE)
-		a->flags |= PFRULE_DN_IS_PIPE;
+	if (r->dnpipe || r->dnrpipe) {
+		if (r->free_flags & PFRULE_DN_IS_PIPE)
+			a->flags |= PFRULE_DN_IS_PIPE;
+		else
+			a->flags &= ~PFRULE_DN_IS_PIPE;
+	}
 }
 
 int