Date: Sun, 17 Jun 2018 21:40:24 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface Message-ID: <bug-229092-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229092 Bug ID: 229092 Summary: [pf] [pfsync] States created by route-to rules pfsynced without interface Product: Base System Version: 11.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: vegeta@tuxpowered.net Created attachment 194342 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D194342&action= =3Dedit Reconstruct rt_kif in pfsync_state_import I use FreeBSD and pf on routers and hardware loadbalancers. Routers do norm= al routing and have firewalls with only block or pass rules. Loadbalancers use route-to rules with tables of target hosts. On routers pfsync works just fi= ne while on loadbalancers it fails because states are synced without target interface. There are 2 ways to fix it: 1. Modify struct pfsync_state to include target interface, but that would be breaking compatibility. 2. Reconstruct missing interface using rules on the second loadbalancer. Please find attached patch solving the issue using the 2nd method. There is still the issue of source_nodes not being synced, they probably can be reconstructed in a similar fashion. I might provide a patch for that later = on. This the 1st version of the patch, I am not totally sure of its stability a= nd it is designed only to solve the issue in my particular case, that is for r= ules with the following syntax: "route-to (internal4027 <pool_154571_4>) round-robin" --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229092-227>