From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface
Date: Sun, 17 Jun 2018 21:40:24 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092

Bug ID: 229092
Summary: [pf] [pfsync] States created by route-to rules pfsynced without interface
Product: Base System
Version: 11.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: vegeta@tuxpowered.net

Created attachment 194342
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194342&action=edit
Reconstruct rt_kif in pfsync_state_import

I use FreeBSD and pf on routers and hardware loadbalancers.
Routers do normal routing and have firewalls with only block or pass rules. Loadbalancers use route-to rules with tables of target hosts. On routers pfsync works just fine while on loadbalancers it fails because states are synced without target interface.

There are 2 ways to fix it:
1. Modify struct pfsync_state to include target interface, but that would be breaking compatibility.
2. Reconstruct missing interface using rules on the second loadbalancer.

Please find attached patch solving the issue using the 2nd method. There is still the issue of source_nodes not being synced, they probably can be reconstructed in a similar fashion. I might provide a patch for that later on.

This is the 1st version of the patch, I am not totally sure of its stability and it is designed only to solve the issue in my particular case, that is for rules with the following syntax:
"route-to (internal4027 ) round-robin"
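
Added example, not part of the bug report or its attached patch: a simplified userspace C model of the second method, recovering the route-to interface for an imported state from the local rule that created it. All struct and function names, the sample ruleset and the interface name internal4028 are constructed for illustration; refusing when the rulesets differ or when the pool lists more than one interface is this model's own conservative choice.

```c
/* Userspace model only: hypothetical, simplified structs, not pf's kernel types. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct pool_entry { const char *ifname; const struct pool_entry *next; };
struct rule { int route_to; const struct pool_entry *pool; };
struct synced_state { uint32_t rule_nr; }; /* no route-to interface on the wire */

/* Return the interface to attach to the imported state, or NULL when it
 * cannot be recovered safely from the local ruleset. */
const char *
reconstruct_rt_if(const struct synced_state *sp, const struct rule *rules,
    size_t nrules, int ruleset_match)
{
    if (!ruleset_match)
        return NULL;    /* rule numbers are meaningless across differing rulesets */
    if (sp->rule_nr >= nrules)
        return NULL;    /* no such rule locally */
    const struct rule *r = &rules[sp->rule_nr];
    if (!r->route_to || r->pool == NULL)
        return NULL;    /* plain pass/block rule: nothing to rebuild */
    if (r->pool->next != NULL)
        return NULL;    /* several interfaces: the peer's pick is unknown */
    return r->pool->ifname;
}

/* Constructed sample ruleset: rule 0 is a plain pass rule, rule 1 is
 * route-to with one interface, rule 2 is route-to with two interfaces. */
static const struct pool_entry e_b = { "internal4028", NULL };
static const struct pool_entry e_a = { "internal4027", &e_b };
static const struct pool_entry e_single = { "internal4027", NULL };
static const struct rule sample_rules[] = {
    { 0, NULL }, { 1, &e_single }, { 1, &e_a },
};

const char *
demo_import(uint32_t rule_nr, int ruleset_match)
{
    struct synced_state sp = { rule_nr };
    return reconstruct_rt_if(&sp, sample_rules, 3, ruleset_match);
}

int main(void)
{
    const char *ifn = demo_import(1, 1);
    printf("rule 1 -> %s\n", ifn ? ifn : "(not recoverable)");
    return 0;
}
```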