Date: Sun, 17 Jun 2018 21:40:24 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface
Message-ID: <bug-229092-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092

    Bug ID:    229092
    Summary:   [pf] [pfsync] States created by route-to rules pfsynced without interface
    Product:   Base System
    Version:   11.1-RELEASE
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Some People
    Priority:  ---
    Component: kern
    Assignee:  bugs@FreeBSD.org
    Reporter:  vegeta@tuxpowered.net

Created attachment 194342
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194342&action=edit
Reconstruct rt_kif in pfsync_state_import

I use FreeBSD and pf on routers and hardware loadbalancers. Routers do normal
routing and have firewalls with only block or pass rules. Loadbalancers use
route-to rules with tables of target hosts. On routers pfsync works just fine
while on loadbalancers it fails because states are synced without target
interface.

There are 2 ways to fix it:
1. Modify struct pfsync_state to include target interface, but that would be
   breaking compatibility.
2. Reconstruct missing interface using rules on the second loadbalancer.

Please find attached patch solving the issue using the 2nd method. There is
still the issue of source_nodes not being synced; they probably can be
reconstructed in a similar fashion. I might provide a patch for that later on.

This is the 1st version of the patch, I am not totally sure of its stability and
it is designed only to solve the issue in my particular case, that is for rules
with the following syntax:
"route-to (internal4027 <pool_154571_4>) round-robin"

-- 
You are receiving this mail because:
You are the assignee for the bug.
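
Added illustration, not part of the original message and not the attached patch: a simplified user-space model of the second fix, where the importing peer rebuilds the missing route-to interface from its own copy of the rule. All type and function names are hypothetical, and matching the rule by number (which requires identical rulesets on both peers) is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT FreeBSD kernel code; every name here is hypothetical. */
#define IFNAMELEN 16
enum rt_type { RT_NONE, RT_ROUTE_TO };

struct model_rule {             /* rule as loaded on the importing peer */
    unsigned nr;
    enum rt_type rt;
    const char *rt_ifname;      /* interface from "route-to (if <table>)" */
};
struct wire_state {             /* synced state: carries no route-to interface */
    unsigned rule_nr;
    char ifname[IFNAMELEN];     /* interface the state was created on */
};
struct local_state {
    char ifname[IFNAMELEN];
    enum rt_type rt;
    const char *rt_ifname;      /* NULL means: follow the routing table */
};

/* Import one synced state. Returns 0 on success, -1 if it must be rejected. */
int state_import(const struct model_rule *rules, size_t nrules,
                 const struct wire_state *ws, struct local_state *out)
{
    const struct model_rule *r = NULL;
    for (size_t i = 0; i < nrules; i++)
        if (rules[i].nr == ws->rule_nr) { r = &rules[i]; break; }
    if (r == NULL)
        return -1;              /* no matching local rule: cannot reconstruct */
    memset(out, 0, sizeof(*out));
    strncpy(out->ifname, ws->ifname, IFNAMELEN - 1);  /* stays NUL-terminated */
    out->rt = r->rt;
    if (r->rt == RT_ROUTE_TO) {
        if (r->rt_ifname == NULL)
            return -1;          /* route-to rule without a usable interface */
        out->rt_ifname = r->rt_ifname;  /* the value the wire format lacks */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample ruleset and state; "ext0" is a made-up interface. */
    struct model_rule rules[] = { {0, RT_NONE, NULL}, {1, RT_ROUTE_TO, "internal4027"} };
    struct wire_state ws = { 1, "ext0" };
    struct local_state ls;
    int rc = state_import(rules, 2, &ws, &ls);
    printf("rc=%d rt_if=%s\n", rc, rc == 0 && ls.rt_ifname ? ls.rt_ifname : "(none)");
    return 0;
}
```

In this model a state whose rule cannot be found locally is rejected rather than imported without an interface.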
