On Sun, Jan 03, 2021 at 06:56:20PM +0100, Alexander Bluhm wrote: > I am currently running a full regress to find more fallout.
These regress tests fail: sys/net/pf_forward sys/net/pf_fragment sbin/pfctl The first two are easy to fix. That means my tests using route-to work fine with your diff. Just remove the @interface as below. pfctl tests pfail8 and pf13 use very strange routespec syntax. You might want to take a look at what that meant before and what should be valid now. bluhm Index: regress/sys/net/pf_forward/pf.conf =================================================================== RCS file: /mount/openbsd/cvs/src/regress/sys/net/pf_forward/pf.conf,v retrieving revision 1.5 diff -u -p -r1.5 pf.conf --- regress/sys/net/pf_forward/pf.conf 11 Jan 2018 03:23:16 -0000 1.5 +++ regress/sys/net/pf_forward/pf.conf 3 Jan 2021 23:26:54 -0000 @@ -17,22 +17,22 @@ pass out inet6 pass in to $AF_IN6/64 af-to inet from $PF_OUT to $ECO_IN/24 tag af pass out inet tagged af -pass in to $RTT_IN/24 route-to $RT_IN@$PF_IFOUT tag rttin -pass out tagged rttin -pass in to $RTT_IN6/64 route-to $RT_IN6@$PF_IFOUT tag rttin -pass out tagged rttin +pass in to $RTT_IN/24 route-to $RT_IN tag rttin +pass out tagged rttin +pass in to $RTT_IN6/64 route-to $RT_IN6 tag rttin +pass out tagged rttin -pass in to $RTT_OUT/24 tag rttout -pass out route-to $RT_IN@$PF_IFOUT tagged rttout -pass in to $RTT_OUT6/64 tag rttout -pass out route-to $RT_IN6@$PF_IFOUT tagged rttout +pass in to $RTT_OUT/24 tag rttout +pass out route-to $RT_IN tagged rttout +pass in to $RTT_OUT6/64 tag rttout +pass out route-to $RT_IN6 tagged rttout -pass in from $RPT_IN/24 reply-to $SRC_OUT@$PF_IFIN tag rptin -pass out tagged rptin -pass in from $RPT_IN6/64 reply-to $SRC_OUT6@$PF_IFIN tag rptin -pass out tagged rptin +pass in from $RPT_IN/24 reply-to $SRC_OUT tag rptin +pass out tagged rptin +pass in from $RPT_IN6/64 reply-to $SRC_OUT6 tag rptin +pass out tagged rptin -pass in from $RPT_OUT/24 tag rptout -pass out reply-to $SRC_OUT@$PF_IFIN tagged rptout -pass in from $RPT_OUT6/64 tag rptout -pass out reply-to $SRC_OUT6@$PF_IFIN tagged rptout +pass in from $RPT_OUT/24 tag rptout +pass out reply-to $SRC_OUT tagged rptout +pass in from $RPT_OUT6/64 tag rptout +pass out reply-to $SRC_OUT6 tagged rptout Index: regress/sys/net/pf_fragment/pf.conf =================================================================== RCS file: /mount/openbsd/cvs/src/regress/sys/net/pf_fragment/pf.conf,v retrieving revision 1.5 diff -u -p -r1.5 pf.conf --- regress/sys/net/pf_fragment/pf.conf 7 Jun 2017 20:09:07 -0000 1.5 +++ regress/sys/net/pf_fragment/pf.conf 3 Jan 2021 23:28:07 -0000 @@ -10,7 +10,7 @@ pass out nat-to $PF_OUT pass in to $RDR_IN6/64 rdr-to $ECO_IN6 allow-opts tag rdr pass out nat-to $PF_OUT6 allow-opts tagged rdr -pass in to $RTT_IN/24 allow-opts tag rtt -pass out route-to $RT_IN@$PF_IFOUT allow-opts tagged rtt -pass in to $RTT_IN6/64 allow-opts tag rtt -pass out route-to $RT_IN6@$PF_IFOUT allow-opts tagged rtt +pass in to $RTT_IN/24 allow-opts tag rtt +pass out route-to $RT_IN allow-opts tagged rtt +pass in to $RTT_IN6/64 allow-opts tag rtt +pass out route-to $RT_IN6 allow-opts tagged rtt
