Re: git: 076b3a50fd71 - main - pf: don't drop packets when redirection information comes from a state

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Sat, 16 Oct 2021 23:12:07 UTC

On Sat, Oct 16, 2021 at 11:06:22PM +0000, Kristof Provost wrote:
> The branch main has been updated by kp:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=076b3a50fd71d84f47bca71758e7fff3c02582e9
> 
> commit 076b3a50fd71d84f47bca71758e7fff3c02582e9
> Author:     Kristof Provost <kp@FreeBSD.org>
> AuthorDate: 2021-10-16 16:53:39 +0000
> Commit:     Kristof Provost <kp@FreeBSD.org>
> CommitDate: 2021-10-16 21:02:26 +0000
> 
>     pf: don't drop packets when redirection information comes from a state
>     
>     For some traffic there might be no matching rule in the current ruleset,
>     for example when a state was imported via pfsync from a system with a
>     different ruleset checksum. In this case pf_route uses s->rt_addr for
>     routing target instead of r->rpool.cur but r->rpool is checked anyway,
>     resulting in dropped packets.
>     
>     PR:             259183
>     Submitted by:   Kajetan Staszkiewicz <vegeta tuxpowered.net>
>     Sponsored by:   InnoGames GmbH

Hey Kristof,

Any plans to MFC?

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc