The branch stable/12 has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=44c47bc6d61ea295c6bb955a40f32c93a589f3ea
commit 44c47bc6d61ea295c6bb955a40f32c93a589f3ea
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2021-07-14 10:17:03 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2021-08-07 07:09:35 +0000
pf: locally originating connections with 'route-to' fail
Similar to the REPLY_TO shortcut (6d786845cf) we also can't shortcut
ROUTE_TO. If we do we will fail to apply transformations or update the
state, which can lead to premature termination of the connections.
PR: 257106
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31177
(cherry picked from commit 2c0d115bbc8f8ee3f011a5c4a69bcbf58c4b721f)
---
sys/netpfil/pf/pf.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index caae2b92f0d6..a7b429120c9e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -338,12 +338,6 @@ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
return (PF_DROP); \
if (PACKET_LOOPED(pd)) \
return (PF_PASS); \
- if ((d) == PF_OUT && \
- (s)->rule.ptr->rt == PF_ROUTETO && \
- (s)->rule.ptr->direction == PF_OUT && \
- (s)->rt_kif != NULL && \
- (s)->rt_kif != (i)) \
- return (PF_PASS); \
} while (0)
#define BOUND_IFACE(r, k) \
_______________________________________________
dev-commits-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"
