route-to, interfaces and pfsync

Reply: Kristof Provost : "Re: route-to, interfaces and pfsync"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kajetan Staszkiewicz <vegeta_at_tuxpowered.net>
Date: Mon, 13 Jun 2022 10:13:26 UTC

Hello Group,

I see there is some developement 
(https://github.com/freebsd/freebsd-src/commit/81ef217ad428c29be669aac2166d194db31817a7) 
happening around the route-to target and pfsync. I personally took a 
different approach to the same issue 
(https://github.com/innogames/freebsd/commit/ce0b078c15a3be1aa3e608a937449e8448309fd2), 
because I had trouble having indentical ruleset on 2 routers forming a 
redundant pair, so that the synced state would match the ruleset. Also 
once the ruleset is changed, I think the approach which got merged won't 
really work due to the rules not being there anymore once the ruleset is 
changed. Please correct me if I'm wrong.

This brings us to OpenBSD. They have decided to drop the interface from 
route-to targets 
(https://github.com/openbsd/src/commit/5812a4ad62ca07807ac0bc59f22eb8813e6069bc). 
How about we do the same? If porting this change from OpenBSD has a 
chance of getting aproved and merged, I'd be willing to work on it. That 
would obsolete the bug 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092 opened by me 
years ago, sorry, I've never delivered the tests I've been asked for :(

Removing the interfaces would also get us closer to fixing route-to with 
synproxy and syncookies.

-- 
| pozdrawiam / greetings | Powered by macOS, Debian and FreeBSD |
|  Kajetan Staszkiewicz  |  www: http://vegeta.tuxpowered.net   |
`------------------------^--------------------------------------'