mbuf: PACKET_TAG_PF should not be persistent

We should clear firewall tags on loopback, icmp reflection, or if_epair transmission. Left over tags can produce unexpected behaviour, especially on if_epair where a and b interfaces can be in different vnets, and have different firewall policies set. MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D32664
2021-10-26 09:51:33 +02:00 · 2021-10-26 09:51:33 +02:00 · 7fe0c3f8d3
commit 7fe0c3f8d3
parent 62d2dcafb7
1 changed files with 1 additions and 1 deletions
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@ -1351,7 +1351,7 @@ extern bool		mb_use_ext_pgs;	/* Use ext_pgs for sendfile */
 #define	PACKET_TAG_DIVERT			17 /* divert info */
 #define	PACKET_TAG_IPFORWARD			18 /* ipforward info */
 #define	PACKET_TAG_MACLABEL	(19 | MTAG_PERSISTENT) /* MAC label */
-#define	PACKET_TAG_PF		(21 | MTAG_PERSISTENT) /* PF/ALTQ information */
+#define	PACKET_TAG_PF				21 /* PF/ALTQ information */
 #define	PACKET_TAG_RTSOCKFAM			25 /* rtsock sa family */
 #define	PACKET_TAG_IPOPTIONS			27 /* Saved IP options */
 #define	PACKET_TAG_CARP				28 /* CARP info */