HomeFreeBSD
Diffusion FreeBSD src repository 31828075e456

pf: bind route-to states to their route-to interface
31828075e456
Actions

Description

pf: bind route-to states to their route-to interface

When we route-to the state should be bound to the route-to interface,
not the default route interface. However, we should only do so for
outbound traffic, because inbound traffic should bind on the arriving
interface, not the one we eventually transmit on.

Explicitly check for this in BOUND_IFACE().

We must also extend pf_find_state(), because subsequent packets within
the established state will attempt to match the original interface, not
the route-to interface.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43589

Details

Provenance
kpAuthored on Jan 25 2024, 10:16 AM
Differential Revision
D43589: pf: bind route-to states to their route-to interface
Parents
rGffeab76b6855: pfil: PFIL_PASS never frees the mbuf
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sys/
netpfil/
pf/
tests/
sys/
netpfil/
pf/

rG31828075e456

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

tests/sys/netpfil/pf/route_to.sh

Loading...