Date: Sat, 17 Jul 2021 14:29:42 GMT
From: Kristof Provost <kp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 2c0d115bbc8f - main - pf: locally originating connections with 'route-to' fail
Message-ID: <202107171429.16HETguO035751@gitrepo.freebsd.org>
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=2c0d115bbc8f8ee3f011a5c4a69bcbf58c4b721f commit 2c0d115bbc8f8ee3f011a5c4a69bcbf58c4b721f Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2021-07-14 10:17:03 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2021-07-17 12:28:07 +0000 pf: locally originating connections with 'route-to' fail Similar to the REPLY_TO shortcut (6d786845cf) we also can't shortcut ROUTE_TO. If we do we will fail to apply transformations or update the state, which can lead to premature termination of the connections. PR: 257106 MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31177 --- sys/netpfil/pf/pf.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 29b3f6b8d94d..51b26350d0bb 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -346,12 +346,6 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); return (PF_DROP); \ if (PACKET_LOOPED(pd)) \ return (PF_PASS); \ - if ((d) == PF_OUT && \ - (s)->rule.ptr->rt == PF_ROUTETO && \ - (s)->rule.ptr->direction == PF_OUT && \ - (s)->rt_kif != NULL && \ - (s)->rt_kif != (i)) \ - return (PF_PASS); \ } while (0) #define BOUND_IFACE(r, k) \
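Review bot: The six deleted lines in the macro hunk at pf.c line 346 (the `(d) == PF_OUT && (s)->rule.ptr->rt == PF_ROUTETO ...` early `return (PF_PASS)`) disappear without leaving any comment in the code, and the diffstat shows only sys/netpfil/pf/pf.c changed, so nothing guards against the shortcut being reintroduced. Consider a short comment next to the remaining `if (PACKET_LOOPED(pd)) return (PF_PASS);` saying that route-to states, like the reply-to case from 6d786845cf, must not be passed early because transformations and state updates would be skipped. A regression test for a locally originating connection that matches an outbound route-to rule (PR 257106) would also help. It would also be worth confirming in the review that an outbound packet seen again on the route-to interface is still covered by the PACKET_LOOPED check, since that is now the only early pass left in this macro.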