Date: Sat, 16 Oct 2021 19:12:07 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Kristof Provost <kp@FreeBSD.org> Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 076b3a50fd71 - main - pf: don't drop packets when redirection information comes from a state Message-ID: <20211016231207.s6rw6ndjrsshya2r@mutt-hbsd> In-Reply-To: <202110162306.19GN6MLj036119@gitrepo.freebsd.org> References: <202110162306.19GN6MLj036119@gitrepo.freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sat, Oct 16, 2021 at 11:06:22PM +0000, Kristof Provost wrote: > The branch main has been updated by kp: > > URL: https://cgit.FreeBSD.org/src/commit/?id=076b3a50fd71d84f47bca71758e7fff3c02582e9 > > commit 076b3a50fd71d84f47bca71758e7fff3c02582e9 > Author: Kristof Provost <kp@FreeBSD.org> > AuthorDate: 2021-10-16 16:53:39 +0000 > Commit: Kristof Provost <kp@FreeBSD.org> > CommitDate: 2021-10-16 21:02:26 +0000 > > pf: don't drop packets when redirection information comes from a state > > For some traffic there might be no matching rule in the current ruleset, > for example when a state was imported via pfsync from a sytem with a > different ruleset checksum. In this case pf_route uses s->rt_addr for > routing target instead of r->rpool.cur but r->rpool is checked anyway, > resulting in dropped packets. > > PR: 259183 > Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net> > Sponsored by: InnoGames GmbH Hey Kristof, Any plans to MFC? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmFrXEQACgkQ/y5nonf4 4frwDBAAi/OG1vgbYiKMFkm+vYLZqxakAj7629ezWtbrNHZgsl6Eh6JuG3tdrV3A O+cI9b/pR9VN6uLV6HNzaJigAuvudOs4M3nG3oxNOx/w0d0zBuFL0YQ9/L+MHwLO WpJXnq4mwiuzBY4L3MYgMX6/Tyb/JVsmcTKMvdInJYfLIICL5JuCDCaUVnp9md3b FD92W/eHx0AKxi+AhBbrGoJRkXSFA61Nt3v3pmLSpS0H/VHAH/Z77NvDuaecorrL gQvXuqEbwQWn6TSReGI34MOBhMdjAhn7I/1kvrIOSm+w5Iy/Vtdeyt0OYNmln25/ jSE6t8VJBPkyioBLvF+h1ufuCIT+GejcFHm8Xu9aWCGIjiBzZEwPCeoTmtIRo9co ynRKkp+fkHuzwOeASo8Tv9lgHG4DG0rpPIDjT+gttoej1jnktr1yS4uRwa5siPkk 1lwLvbNds4Ux4H1LecNjgkTEjKtHvhi6ye5wG/O9oa6HqbJiBzZk/DrHdLthTbeF uVRwk2OladTkqrJZf5w0bXjXQ7u314JJNPVsc3DngNGuAmkjYigoYtfxhgsDjQ4G vbeCYXxzQTYgE0ttwHLpzmqI+7XuHqwC/7h8q5XQWtj5Ha90PZXN4EgiiwTaSzlm jfa48mNMvwTkUFH9M2Sn0uNfKQWPj0W3GQiwH+TNuz9cDCeQbXw= =ge0J -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20211016231207.s6rw6ndjrsshya2r>