Date: Sat, 7 Aug 2021 16:30:03 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: e650ef36ba9e - stable/13 - pf: locally originating connections with 'route-to' fail Message-ID: <202108071630.177GU3mA024537@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e650ef36ba9ef7ec994d3e7048a56fea761f9c7e commit e650ef36ba9ef7ec994d3e7048a56fea761f9c7e Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2021-07-14 10:17:03 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2021-08-07 07:08:09 +0000 pf: locally originating connections with 'route-to' fail Similar to the REPLY_TO shortcut (6d786845cf) we also can't shortcut ROUTE_TO. If we do we will fail to apply transformations or update the state, which can lead to premature termination of the connections. PR: 257106 MFC after: 3 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31177 (cherry picked from commit 2c0d115bbc8f8ee3f011a5c4a69bcbf58c4b721f) --- sys/netpfil/pf/pf.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 3f954497dc20..0db9eaed1ac4 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -337,12 +337,6 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]); return (PF_DROP); \ if (PACKET_LOOPED(pd)) \ return (PF_PASS); \ - if ((d) == PF_OUT && \ - (s)->rule.ptr->rt == PF_ROUTETO && \ - (s)->rule.ptr->direction == PF_OUT && \ - (s)->rt_kif != NULL && \ - (s)->rt_kif != (i)) \ - return (PF_PASS); \ } while (0) #define BOUND_IFACE(r, k) \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108071630.177GU3mA024537>