[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface
bugzilla-noreply at freebsd.org
Fri Jun 29 12:37:39 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092
--- Comment #3 from Kajetan Staszkiewicz <vegeta at tuxpowered.net> ---
I found another bug: states synced during the initial bulk update are considered
to come from an incompatible ruleset, even if the ruleset *is* compatible. I must
also raise the question of why the initial sync is an "update" and not an "insert".
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -874,21 +874,21 @@ pfsync_in_upd(struct pfsync_pkt *pkt, struct mbuf *m, int
offset, int count)
printf("pfsync_input: PFSYNC_ACT_UPD: "
"invalid value\n");
}
V_pfsyncstats.pfsyncs_badval++;
continue;
}
st = pf_find_state_byid(sp->id, sp->creatorid);
if (st == NULL) {
/* insert the update */
- if (pfsync_state_import(sp, 0))
+ if (pfsync_state_import(sp, pkt->flags))
V_pfsyncstats.pfsyncs_badstate++;
continue;
}
if (st->state_flags & PFSTATE_ACK) {
PFSYNC_LOCK(sc);
pfsync_undefer_state(st, 1);
PFSYNC_UNLOCK(sc);
}
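Review bot: the call `pfsync_state_import(sp, pkt->flags)` in the `st == NULL` branch now forwards the sender's packet flags where the old code passed a literal 0, but nothing at the call site says why, and the existing comment `/* insert the update */` gives no hint that the flags change how the imported state is treated. Please add a short comment there stating that the header flags are carried through so that a state created from an update is not treated as coming from an incompatible ruleset, and check whether any other handler in if_pfsync.c that imports a state on a lookup miss still passes 0 for this argument.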
This bug was fixed in OpenBSD some time ago:
https://github.com/openbsd/src/commit/ddb7828bc6708358e6c08caaf09e3524e8cab7b4
--
You are receiving this mail because:
You are the assignee for the bug.