Date: Fri, 13 Jul 2018 15:45:05 +0000 From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Message-ID: <bug-229477-16861-By2EsFlZ85@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-229477-16861@https.bugs.freebsd.org/bugzilla/> References: <bug-229477-16861@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229477 --- Comment #9 from Kajetan Staszkiewicz <vegeta@tuxpowered.net> --- I ran some tests and the patch seems correct. If I understand correctly, my patch prevented "return(action)" to be called for pf_create_state returning with synproxy and this one restores this behaviour while still allowing pf_return for really failed rules. Unfortunately I found out that fail-policy does not really work for rdr rules, probably because they are not really normal rules with rule number and so on, even if they create a state ("rdr pass"). I assume fixing that should be my own job in another bug report. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229477-16861-By2EsFlZ85>