From owner-dev-commits-src-branches@freebsd.org Mon Apr 19 19:21:49 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 46B1B5FCA2A; Mon, 19 Apr 2021 19:21:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FPGs85Bz4z4lvF; Mon, 19 Apr 2021 19:21:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 85AE724BE5; Mon, 19 Apr 2021 19:21:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 13JJLmIv012991; Mon, 19 Apr 2021 19:21:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 13JJLmmX012990; Mon, 19 Apr 2021 19:21:48 GMT (envelope-from git) Date: Mon, 19 Apr 2021 19:21:48 GMT Message-Id: <202104191921.13JJLmmX012990@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: a19dad31b150 - stable/12 - pf: Do not short-circuit processing for REPLY_TO MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: a19dad31b1503e0ee512e5f1cd21b671143bf5c8 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2021 19:21:49 -0000 The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a19dad31b1503e0ee512e5f1cd21b671143bf5c8 commit a19dad31b1503e0ee512e5f1cd21b671143bf5c8 Author: Kristof Provost AuthorDate: 2021-04-07 13:46:44 +0000 Commit: Kristof Provost CommitDate: 2021-04-19 08:20:22 +0000 pf: Do not short-circuit processing for REPLY_TO When we find a state for packets that was created by a reply-to rule we still need to process the packet. The state may require us to modify the packet (e.g. in rdr or nat cases), which we won't do with the shortcut. MFC after: 2 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 6d786845cf63c8bf57174e3e43b0b5c5eca75be3) --- sys/netpfil/pf/pf.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 2666fd1155ab..a02c9254c714 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -343,10 +343,8 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); if (PACKET_LOOPED(pd)) \ return (PF_PASS); \ if ((d) == PF_OUT && \ - (((s)->rule.ptr->rt == PF_ROUTETO && \ - (s)->rule.ptr->direction == PF_OUT) || \ - ((s)->rule.ptr->rt == PF_REPLYTO && \ - (s)->rule.ptr->direction == PF_IN)) && \ + (s)->rule.ptr->rt == PF_ROUTETO && \ + (s)->rule.ptr->direction == PF_OUT && \ (s)->rt_kif != NULL && \ (s)->rt_kif != (i)) \ return (PF_PASS); \