[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface
bugzilla-noreply at freebsd.org
Tue Jan 22 22:56:17 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092
Kajetan Staszkiewicz <vegeta at tuxpowered.net> changed:
              What |Removed                     |Added
----------------------------------------------------------------------------
Attachment #194342 |0                           |1
       is obsolete |                            |
                CC |                            |vegeta at tuxpowered.net
--- Comment #11 from Kajetan Staszkiewicz <vegeta at tuxpowered.net> ---
Created attachment 201346
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=201346&action=edit
Reconstruct interface route by standard fib lookup
I found another issue. Even if we can somehow reconstruct the route interface,
there is still a requirement for having an identical ruleset on both routers
because it is rule->rt which makes Route-to, Duplicate-to and Reply-to targets
work. This information is never kept in state.
The attached patch solves this issue by copying rule->rt to state->rt (new field).
The pfsync struct got this field too. The route interface is reconstructed by a normal
lookup in the routing table in fib 0.
Warning: for "no state" rules rule->rt must still be used, and I have coded it
but not tested it. For a stateful ruleset all seems fine for the route-to target.