Hello all, especially network hackers (you write cool code, BTW, thanks!)

(Sending this email to another list as now it's more technical. I hope)

Stupid me finally found the reasons for such route-to/reply-to behavior:

/usr/src/sbin/pfctl/parse.y (introduced in 1.563 and modified later):

	/* fake redirspec */
	if (($9.rdr.rdr = calloc(1, sizeof(*$9.rdr.rdr))) == NULL)
		err(1, "$9.rdr.rdr");
	$9.rdr.rdr->host = $5.host;

/usr/src/sys/net/pf_ioctl.c:

	if (rule->rt > PF_FASTROUTE && (TAILQ_FIRST(&rule->rdr.list) == NULL))
		error = EINVAL;

So as far as I can understand, the pf_rule.rdr pool is used for the
route-to/reply-to/dup-to options. Now I have a few stupid questions:

1. Is it intended to have only one address pool for the
   rdr-to/route-to/reply-to/dup-to options in the rule? Or did I
   misinterpret something?

2. Is it OK if I hack it to make possible even a crazy rule like this:

	pass in on $if1 from $a to $b rdr-to $c \
	    route-to ($if3 $gt3) reply-to ($if2 $gt2) dup-to $if4

   ... or it's not intended to be so, or it's in the works already?

All I want is redirecting traffic "smartly" between two uplinks in
different networks like:

	match in on lan to ! <all-locals> port domain \
	    route-to ($fast_if $fast_gw)
	pass in on lan to ! <all-locals>

Or, if it's not desired that "match" support routing options, just:

	pass in on lan to ! <all-locals> port domain \
	    route-to ($fast_if $fast_gw)
	pass in on lan to ! <all-locals>

-- 
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?