Re: route-to, interfaces and pfsync

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 13 Jun 2022 12:33:54 UTC
On 13 Jun 2022, at 12:13, Kajetan Staszkiewicz wrote:
> Hello Group,
>
> I see there is some development
> (https://github.com/freebsd/freebsd-src/commit/81ef217ad428c29be669aac2166d194db31817a7) 
> happening around the route-to target and pfsync. I personally took a 
> different approach to the same issue 
> (https://github.com/innogames/freebsd/commit/ce0b078c15a3be1aa3e608a937449e8448309fd2), 
> because I had trouble having identical ruleset on 2 routers forming a
> redundant pair, so that the synced state would match the ruleset. Also 
> once the ruleset is changed, I think the approach which got merged 
> won't really work due to the rules not being there anymore once the 
> ruleset is changed. Please correct me if I'm wrong.
>
You’re correct. The fix you point to will only help if the rules on 
both sides are the same.

> This brings us to OpenBSD. They have decided to drop the interface 
> from route-to targets 
> (https://github.com/openbsd/src/commit/5812a4ad62ca07807ac0bc59f22eb8813e6069bc). 
> How about we do the same? If porting this change from OpenBSD has a 
> chance of getting approved and merged, I'd be willing to work on it.
>
That’s a breaking syntax change, and there’s at least one major
FreeBSD/pf user that relies heavily on route-to (i.e. pfSense). So 
something that’d break that is not going to be easy.

However, (without having looked at the patch in great detail) we might 
be able to support both the old style `route-to (epair0a 1.2.3.4)` and a 
new `route-to (1.2.3.4)` or even `route-to (@1.2.3.4)` or something if 
that disambiguates better. If we can ensure the old style keeps working 
(with any limitations it currently has), while also supporting the new
style that’d give everyone a chance to migrate. We could then remove 
the old style in say 15.0.

Best regards,
Kristof
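The ruleset-mismatch problem the thread describes, as a constructed pf.conf illustration added here (not code from the thread or from either patch): with the current `route-to (ifname addr)` syntax the rule text embeds each router's interface name, so two peers whose uplink NICs are named differently cannot carry a byte-identical ruleset. Interface names, addresses and networks below are assumed values.

```conf
# Constructed example, not from the thread. Old-style route-to names the
# outgoing interface, which ties the rule text to each box's NIC naming.

# --- router A: /etc/pf.conf (uplink NIC is em1, assumed) ---
lan_if = "em0"
pass in on $lan_if route-to (em1 192.0.2.1) from 10.0.0.0/24 to any

# --- router B: /etc/pf.conf (same role, but the uplink NIC is igb1, assumed) ---
lan_if = "em0"
pass in on $lan_if route-to (igb1 192.0.2.1) from 10.0.0.0/24 to any
```

A state created on router A is tied to the rule naming `em1`; when pfsync carries it to router B there is no rule with that interface to match it against, and, as the thread notes, after a ruleset reload the originating rule may not exist on either peer at all. That is the failure case the interface-free syntax discussed above is meant to remove.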