git: 44c47bc6d61e - stable/12 - pf: locally originating connections with 'route-to' fail
Kristof Provost
kp at FreeBSD.org
Sat Aug 7 16:30:04 UTC 2021
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=44c47bc6d61ea295c6bb955a40f32c93a589f3ea
commit 44c47bc6d61ea295c6bb955a40f32c93a589f3ea
Author: Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-07-14 10:17:03 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-08-07 07:09:35 +0000
pf: locally originating connections with 'route-to' fail
Similar to the REPLY_TO shortcut (6d786845cf) we also can't shortcut
ROUTE_TO. If we do we will fail to apply transformations or update the
state, which can lead to premature termination of the connections.
PR: 257106
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31177
(cherry picked from commit 2c0d115bbc8f8ee3f011a5c4a69bcbf58c4b721f)
---
sys/netpfil/pf/pf.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index caae2b92f0d6..a7b429120c9e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -338,12 +338,6 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
return (PF_DROP); \
if (PACKET_LOOPED(pd)) \
return (PF_PASS); \
- if ((d) == PF_OUT && \
- (s)->rule.ptr->rt == PF_ROUTETO && \
- (s)->rule.ptr->direction == PF_OUT && \
- (s)->rt_kif != NULL && \
- (s)->rt_kif != (i)) \
- return (PF_PASS); \
} while (0)
#define BOUND_IFACE(r, k) \
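Review bot: The early `return (PF_PASS)` removed at the end of the macro body (the `(d) == PF_OUT && (s)->rule.ptr->rt == PF_ROUTETO` branch) leaves nothing in the code to say why route-to states must not be shortcut here. A short comment above the remaining `if (PACKET_LOOPED(pd))` check, referring to PR 257106 and the earlier REPLY_TO change (6d786845cf), would help keep the shortcut from being reintroduced later. The diffstat shows only the 6 deletions in sys/netpfil/pf/pf.c, so a regression test for a locally originating connection that matches an outbound route-to rule would be worth adding with this change. Please also confirm that an outbound packet whose state has `(s)->rt_kif != (i)` is still processed as intended now that `PACKET_LOOPED(pd)` is the only early pass left in this part of the macro.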