[Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jan 24 13:59:20 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229092

--- Comment #18 from Kajetan Staszkiewicz <vegeta at tuxpowered.net> ---
My 2nd patch stores missing state->rt information in currently unused part of
struct pfsync_state. That should make it compatible. A router running
non-patched kernel will simply not transmit any data there when sending states
and ignore all data when receiving them from a patched router. So that part
should be safe.

What looks potentially unsafe is guessing of target interface. Although it is
already badly broken, as packets are leaving router via route matching
destination on unpatched kerel.

Is guessing of target interface done correctly? Can I use fib lookup functions
just like this? No locking needed?

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-pf mailing list