Hello,
On Fri, Jan 15, 2021 at 06:26:48PM +0100, Alexander Bluhm wrote:
> On Tue, Jan 12, 2021 at 08:45:22PM +0100, Alexandr Nedvedicky wrote:
> > I think bluhm@ and dlg@ have committed part of that change already.
>
> I have only committed a refactoring change. Next step in kernel
> would be to remove the check in pf_find_state() and see what happens.
>
> I was waiting for dlg@ to do it, but maybe he waited for me.
>
> Index: net/pf.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/net/pf.c,v
> retrieving revision 1.1098
> diff -u -p -r1.1098 pf.c
> --- net/pf.c 14 Jan 2021 09:44:33 -0000 1.1098
> +++ net/pf.c 15 Jan 2021 16:46:42 -0000
> @@ -1122,12 +1122,6 @@ pf_find_state(struct pf_pdesc *pd, struc
> }
>
> *state = s;
> - if (pd->dir == PF_OUT && s->rt_kif != NULL && s->rt_kif != pd->kif &&
> - ((s->rule.ptr->rt == PF_ROUTETO &&
> - s->rule.ptr->direction == PF_OUT) ||
> - (s->rule.ptr->rt == PF_REPLYTO &&
> - s->rule.ptr->direction == PF_IN)))
> - return (PF_PASS);
>
> return (PF_MATCH);
> }
>
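Review bot: The removal of the `return (PF_PASS)` block after `*state = s;` changes what pf_find_state() returns for an already matched state, and nothing in the hunk records why. With the check gone, an outbound packet (`pd->dir == PF_OUT`) whose state has `s->rt_kif` set to an interface other than `pd->kif`, where the state's rule is PF_ROUTETO with direction PF_OUT or PF_REPLYTO with direction PF_IN, now falls through to `return (PF_MATCH)` instead of returning PF_PASS. Please state that intended behaviour change in the commit message and confirm that the callers of pf_find_state() handle PF_MATCH for this case before committing.
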
please go ahead and commit the diff to pf_find_state() above.
> > the proposed diff updates pfctl(8) so parser will do 'a right thing',
>
> Does it work without the kernel changes from dlg@ ?
no it does not. my branch is ahead of the tree. I've lost track.
sorry for being impatient, creating more confusion here.
>
> > the diff also breaks existing regression tests. We can update
> > them once we agree on the proposed diff.
>
> I have adapted my regress pf.conf and regress/sys/net/pf_forward
> fails in the route-to test. It worked with dlg@'s diff. So your
> standalone pfctl change does not seem to be sufficient.
>
my diff is ahead of time. I'll resend once the tree is ready.
regards
sashan