Re: git: 076b3a50fd71 - main - pf: don't drop packets when redirection information comes from a state

In reply to: Shawn Webb : "Re: git: 076b3a50fd71 - main - pf: don't drop packets when redirection information comes from a state"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Sun, 17 Oct 2021 15:13:20 UTC

On 17 Oct 2021, at 1:12, Shawn Webb wrote:
> On Sat, Oct 16, 2021 at 11:06:22PM +0000, Kristof Provost wrote:
>> The branch main has been updated by kp:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=076b3a50fd71d84f47bca71758e7fff3c02582e9
>>
>> commit 076b3a50fd71d84f47bca71758e7fff3c02582e9
>> Author:     Kristof Provost <kp@FreeBSD.org>
>> AuthorDate: 2021-10-16 16:53:39 +0000
>> Commit:     Kristof Provost <kp@FreeBSD.org>
>> CommitDate: 2021-10-16 21:02:26 +0000
>>
>>     pf: don't drop packets when redirection information comes from a state
>>
>>     For some traffic there might be no matching rule in the current ruleset,
>>     for example when a state was imported via pfsync from a sytem with a
>>     different ruleset checksum. In this case pf_route uses s->rt_addr for
>>     routing target instead of r->rpool.cur but r->rpool is checked anyway,
>>     resulting in dropped packets.
>>
>>     PR:             259183
>>     Submitted by:   Kajetan Staszkiewicz <vegeta tuxpowered.net>
>>     Sponsored by:   InnoGames GmbH
>
> Hey Kristof,
>
> Any plans to MFC?
>
I wasn’t planning to, but if it’d fix a problem for you remind me to MFC it in a week.

Br,
Kristof