On Sat, Oct 16, 2021 at 11:06:22PM +0000, Kristof Provost wrote: > The branch main has been updated by kp: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=076b3a50fd71d84f47bca71758e7fff3c02582e9 > > commit 076b3a50fd71d84f47bca71758e7fff3c02582e9 > Author: Kristof Provost <[email protected]> > AuthorDate: 2021-10-16 16:53:39 +0000 > Commit: Kristof Provost <[email protected]> > CommitDate: 2021-10-16 21:02:26 +0000 > > pf: don't drop packets when redirection information comes from a state > > For some traffic there might be no matching rule in the current ruleset, > for example when a state was imported via pfsync from a sytem with a > different ruleset checksum. In this case pf_route uses s->rt_addr for > routing target instead of r->rpool.cur but r->rpool is checked anyway, > resulting in dropped packets. > > PR: 259183 > Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net> > Sponsored by: InnoGames GmbH
Hey Kristof, Any plans to MFC? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
signature.asc
Description: PGP signature
