CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]    2025/12/10 21:59:26

Modified files:
        sys/net        : pf.c 

Log message:
if pf can't find a parent for a carp interface, don't process the packet.

pf tries hard to pretend carp doesn't exist by mapping carp interfaces
back to their parents for the application of policy (ie, state/ruleset
evaluation). if a carp parent detaches, it's (very unlikely but
still) possible for a packet received by a carp interface to go
through pf.

previously pf would handle this situation by passing the packet
through as if it were received by the carp interface, which is
inconsistent with it trying to use the parent instead.

this change has it drop packets in this situation instead.

ok sashan@ claudio@ henning@
