For a long period of time, I have been using reply-to rules for a few TCP and one UDP service which had been introduced for HA reasons and are used quite rarely. After the upgrade to 11-STABLE the rules for TCP traffic work as expected, providing a kind of symmetric routing, but UDP traffic ignores the reply-to directive and the UDP service is responding only partially via the default gateway. Worse, only one UDP segment passes in one direction for the UDP service. As a result, the whole communication is broken.

PF states look like this:

    all udp 88.199.x.x:1197 <- 62.x.y.z:58781 NO_TRAFFIC:SINGLE
    all udp 88.199.y.y:1197 -> 62.x.y.z:58781 SINGLE:NO_TRAFFIC

A similar rule for TCP traffic works flawlessly:

    all tcp 88.199.x.x:50001 <- 62.x.y.z:56330 ESTABLISHED:ESTABLISHED

It is not an underlying service issue; additional tests were performed using netcat. The rules weren't changed, at least since the machine was running 9-STABLE, and then everything worked correctly. The machine is currently running 11.0-STABLE r311637 compiled for the i386 arch.

Is it a bug to be officially submitted, or will it not be possible to use reply-to for UDP traffic anymore?

--
Marek Zarychta