* Vadim Zhukov <persg...@gmail.com> [2009-09-25 06:36]:
> Hello all, especially network hackers (you write cool code, BTW, thanks!)
>
> (Sending this email to another list as now it's more technical. I hope)
>
> Stupid me finally found the reasons for such route-to/reply-to behavior:
>
> /usr/src/sbin/pfctl/parse.y (introduced in 1.563 and modified later):
>                         /* fake redirspec */
>                         if (($9.rdr.rdr = calloc(1,
>                             sizeof(*$9.rdr.rdr))) == NULL)
>                                 err(1, "$9.rdr.rdr");
>                         $9.rdr.rdr->host = $5.host;
>
> /usr/src/sys/net/pf_ioctl.c:
>                 if (rule->rt > PF_FASTROUTE &&
>                     (TAILQ_FIRST(&rule->rdr.list) == NULL))
>                         error = EINVAL;
>
> So as far as I can understand, pf_rule.rdr pool is used for
> route-to/reply-to/dup-to options. Now I have a few stupid questions:
>
> 1. Is it intended to have only one address pool for
> rdr-to/route-to/reply-to/dup-to options in the rule? Or did I
> misinterpret something?

this was intended but is a bit nasty so we'll go for a separate pool for
the route stuff (route-to/reply-to/dup-to)

> 2. Is it OK if I'll hack it to make possible even crazy rule like this:
>
> pass in on $if1 from $a to $b rdr-to $c \
>         route-to ($if3 $gt3) reply-to ($if2 $gt2) dup-to $if4

this doesn't work right now, see above, that solves it

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
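As an added example (not code from this thread or from OpenBSD's pf), a constructed C model of the two rule shapes discussed above: a single rdr pool shared by rdr-to and the route options, beside a rule with a separate route pool, each with a validity check in the spirit of the pf_ioctl.c fragment. Struct, function and macro names are hypothetical stand-ins and the addresses are constructed sample values.

```c
/* Constructed model, not OpenBSD's pf code: a rule whose single rdr pool is
 * shared by rdr-to and the route options (as the thread describes) beside a
 * rule with a separate route pool. All names are hypothetical stand-ins. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define RT_NONE    0          /* hypothetical: no route option on the rule */
#define RT_ROUTETO 1          /* hypothetical: route-to given */

struct pool { const char *host; };  /* one address; real pf keeps a list */
struct rule_shared { int rt; struct pool rdr; };                    /* today */
struct rule_split  { int rt; struct pool rdr; struct pool route; }; /* proposed */

/* Parse "rdr-to C route-to (IF GW)". With a shared pool the fake redirspec
 * built for route-to lands in rdr and overwrites the rdr-to target. */
static void parse_shared(struct rule_shared *r, const char *c, const char *gw)
{
	r->rdr.host = c;
	if (gw != NULL) { r->rt = RT_ROUTETO; r->rdr.host = gw; }
}
static void parse_split(struct rule_split *r, const char *c, const char *gw)
{
	r->rdr.host = c;
	if (gw != NULL) { r->rt = RT_ROUTETO; r->route.host = gw; }
}

/* Like the pf_ioctl.c check quoted above: a route option needs an address
 * in the pool it reads from, otherwise the rule is rejected with EINVAL. */
int check_shared(const struct rule_shared *r)
{
	return (r->rt > RT_NONE && r->rdr.host == NULL) ? EINVAL : 0;
}
int check_split(const struct rule_split *r)
{
	return (r->rt > RT_NONE && r->route.host == NULL) ? EINVAL : 0;
}

/* 1 if, after parsing "rdr-to C route-to GW", the rule still translates
 * to C; 0 if the route-to address clobbered it. */
int rdr_kept_shared(const char *c, const char *gw)
{
	struct rule_shared r = { RT_NONE, { NULL } };
	parse_shared(&r, c, gw);
	return check_shared(&r) == 0 && strcmp(r.rdr.host, c) == 0;
}
int rdr_kept_split(const char *c, const char *gw)
{
	struct rule_split r = { RT_NONE, { NULL }, { NULL } };
	parse_split(&r, c, gw);
	return check_split(&r) == 0 && strcmp(r.rdr.host, c) == 0;
}
```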