Date: Mon, 13 Jun 2022 14:33:54 +0200
From: Kristof Provost <kp@FreeBSD.org>
To: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: route-to, interfaces and pfsync
Message-ID: <D8A04D28-549C-481E-9ED9-12C1F98A4E21@FreeBSD.org>
In-Reply-To: <95f8e87d-2145-362b-2e37-79282054caa0@tuxpowered.net>
References: <95f8e87d-2145-362b-2e37-79282054caa0@tuxpowered.net>

On 13 Jun 2022, at 12:13, Kajetan Staszkiewicz wrote:

> Hello Group,
>
> I see there is some development
> (https://github.com/freebsd/freebsd-src/commit/81ef217ad428c29be669aac2166d194db31817a7)
> happening around the route-to target and pfsync. I personally took a
> different approach to the same issue
> (https://github.com/innogames/freebsd/commit/ce0b078c15a3be1aa3e608a937449e8448309fd2),
> because I had trouble having identical ruleset on 2 routers forming a
> redundant pair, so that the synced state would match the ruleset. Also
> once the ruleset is changed, I think the approach which got merged
> won't really work due to the rules not being there anymore once the
> ruleset is changed. Please correct me if I'm wrong.

You’re correct. The fix you point to will only help if the rules on
both sides are the same.

> This brings us to OpenBSD. They have decided to drop the interface
> from route-to targets
> (https://github.com/openbsd/src/commit/5812a4ad62ca07807ac0bc59f22eb8813e6069bc).
> How about we do the same? If porting this change from OpenBSD has a
> chance of getting approved and merged, I'd be willing to work on it.

That’s a breaking syntax change, and there’s at least one major
FreeBSD/pf user that relies heavily on route-to (i.e. pfSense). So
something that’d break that is not going to be easy.

However, (without having looked at the patch in great detail) we might
be able to support both the old style `route-to (epair0a 1.2.3.4)` and a
new `route-to (1.2.3.4)` or even `route-to (@1.2.3.4)` or something if
that disambiguates better. If we can ensure the old style keeps working
(with any limitations it currently has), while also supporting the new
style, that’d give everyone a chance to migrate. We could then remove
the old style in say 15.0.

Best regards,
Kristof