Date: Sun, 17 Oct 2021 17:13:20 +0200 From: Kristof Provost <kp@FreeBSD.org> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 076b3a50fd71 - main - pf: don't drop packets when redirection information comes from a state Message-ID: <336ECE44-FD7F-417B-827A-236FC6224E5B@FreeBSD.org> In-Reply-To: <20211016231207.s6rw6ndjrsshya2r@mutt-hbsd> References: <202110162306.19GN6MLj036119@gitrepo.freebsd.org> <20211016231207.s6rw6ndjrsshya2r@mutt-hbsd>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17 Oct 2021, at 1:12, Shawn Webb wrote: > On Sat, Oct 16, 2021 at 11:06:22PM +0000, Kristof Provost wrote: >> The branch main has been updated by kp: >> >> URL: https://cgit.FreeBSD.org/src/commit/?id=3D076b3a50fd71d84f47bca71= 758e7fff3c02582e9 >> >> commit 076b3a50fd71d84f47bca71758e7fff3c02582e9 >> Author: Kristof Provost <kp@FreeBSD.org> >> AuthorDate: 2021-10-16 16:53:39 +0000 >> Commit: Kristof Provost <kp@FreeBSD.org> >> CommitDate: 2021-10-16 21:02:26 +0000 >> >> pf: don't drop packets when redirection information comes from a s= tate >> >> For some traffic there might be no matching rule in the current ru= leset, >> for example when a state was imported via pfsync from a sytem with= a >> different ruleset checksum. In this case pf_route uses s->rt_addr = for >> routing target instead of r->rpool.cur but r->rpool is checked any= way, >> resulting in dropped packets. >> >> PR: 259183 >> Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net> >> Sponsored by: InnoGames GmbH > > Hey Kristof, > > Any plans to MFC? > I wasn=E2=80=99t planning to, but if it=E2=80=99d fix a problem for you r= emind me to MFC it in a week. Br, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?336ECE44-FD7F-417B-827A-236FC6224E5B>