Date: Sat, 16 Oct 2021 19:12:07 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Kristof Provost <kp@FreeBSD.org> Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 076b3a50fd71 - main - pf: don't drop packets when redirection information comes from a state Message-ID: <20211016231207.s6rw6ndjrsshya2r@mutt-hbsd> In-Reply-To: <202110162306.19GN6MLj036119@gitrepo.freebsd.org> References: <202110162306.19GN6MLj036119@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--pxsb6acv6liysvfb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Oct 16, 2021 at 11:06:22PM +0000, Kristof Provost wrote: > The branch main has been updated by kp: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D076b3a50fd71d84f47bca71758= e7fff3c02582e9 >=20 > commit 076b3a50fd71d84f47bca71758e7fff3c02582e9 > Author: Kristof Provost <kp@FreeBSD.org> > AuthorDate: 2021-10-16 16:53:39 +0000 > Commit: Kristof Provost <kp@FreeBSD.org> > CommitDate: 2021-10-16 21:02:26 +0000 >=20 > pf: don't drop packets when redirection information comes from a state > =20 > For some traffic there might be no matching rule in the current rules= et, > for example when a state was imported via pfsync from a sytem with a > different ruleset checksum. In this case pf_route uses s->rt_addr for > routing target instead of r->rpool.cur but r->rpool is checked anyway, > resulting in dropped packets. > =20 > PR: 259183 > Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net> > Sponsored by: InnoGames GmbH Hey Kristof, Any plans to MFC? Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --pxsb6acv6liysvfb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmFrXEQACgkQ/y5nonf4 4frwDBAAi/OG1vgbYiKMFkm+vYLZqxakAj7629ezWtbrNHZgsl6Eh6JuG3tdrV3A O+cI9b/pR9VN6uLV6HNzaJigAuvudOs4M3nG3oxNOx/w0d0zBuFL0YQ9/L+MHwLO WpJXnq4mwiuzBY4L3MYgMX6/Tyb/JVsmcTKMvdInJYfLIICL5JuCDCaUVnp9md3b FD92W/eHx0AKxi+AhBbrGoJRkXSFA61Nt3v3pmLSpS0H/VHAH/Z77NvDuaecorrL gQvXuqEbwQWn6TSReGI34MOBhMdjAhn7I/1kvrIOSm+w5Iy/Vtdeyt0OYNmln25/ jSE6t8VJBPkyioBLvF+h1ufuCIT+GejcFHm8Xu9aWCGIjiBzZEwPCeoTmtIRo9co ynRKkp+fkHuzwOeASo8Tv9lgHG4DG0rpPIDjT+gttoej1jnktr1yS4uRwa5siPkk 1lwLvbNds4Ux4H1LecNjgkTEjKtHvhi6ye5wG/O9oa6HqbJiBzZk/DrHdLthTbeF uVRwk2OladTkqrJZf5w0bXjXQ7u314JJNPVsc3DngNGuAmkjYigoYtfxhgsDjQ4G vbeCYXxzQTYgE0ttwHLpzmqI+7XuHqwC/7h8q5XQWtj5Ha90PZXN4EgiiwTaSzlm jfa48mNMvwTkUFH9M2Sn0uNfKQWPj0W3GQiwH+TNuz9cDCeQbXw= =ge0J -----END PGP SIGNATURE----- --pxsb6acv6liysvfb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20211016231207.s6rw6ndjrsshya2r>