Hello, </snip> > ---------------------------- > revision 1.294 > date: 2003/01/02 01:56:56; author: dhartmei; state: Exp; lines: +27 -49; > When route-to/reply-to is used in combination with address translation, > pf_test() may be called twice for the same packet. In this case, make > sure the translation is only applied in the second call. This solves > the problem with state insert failures where the second pf_test() call > tried to insert another state entry after the first call's translation. > ok henning@, mcbride@, thanks to Joe Nall for additional testing. > ---------------------------- > > I have tested your diffs in my setup, they all pass. I have not > tested the scenario mentioned in the commit message. Note that the > address translation implementation in 2003 was different from what > we have now. And sasha@'s analysis shows that the current code is > wrong in other use cases. >
I've completely forgot there was a change in NAT. Therefore I could not understand the commit message. </snip> > > The only way to find out is to commit it. It reduces comlexity that > noone understands. > > OK bluhm@ to remove the check > > Please leave the "if (pd->kif->pfik_ifp != ifp)" around pf_test() > in pf_route() as it is for now. I agree with bluhm@ here. we should proceed with small steps in such case and let things to settle down before making next move. thanks and regards sashan