Diffusion FreeBSD src repository 7a372bded812

pf: make reply-to work with nat64
7a372bded812
Actions

Description

pf: make reply-to work with nat64

Just like route-to reply-to is problematic when used in combination with nat64.

In the normal (i.e. without nat64) flow we return immediately from pf_route().
However, with nat64 we need to continue and do a route lookup. In that case
we should not make the extra pf_test(PF_OUT) call to remain similar to the
non-nat64 flow.

We also have to fix the interface binding. We can only bind to the interface
after we've done the route lookup, not before.

Add a funcional test case, and a test for pfctl's rule printing.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Details

Provenance

kp	Authored on Wed, Jan 22, 4:49 PM

Parents

rGca0e69345320: pf: cope with route-to on af-to rules

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG7a372bded812: pf: make reply-to work with nat64 (authored by kp).Fri, Jan 24, 10:20 AM

Changes (7)

Path

Size

sbin/

pfctl/

parse.y

pfctl_parser.c

tests/

files/

pf1027.in

pf1027.ok

pfctl_test_list.inc

sys/

netpfil/

pf/

pf.c

tests/

sys/

netpfil/

pf/

nat64.sh

rG7a372bded812

View Options

sbin/pfctl/parse.y

View Options

sbin/pfctl/pfctl_parser.c

View Options

sbin/pfctl/tests/files/pf1027.in

View Options

sbin/pfctl/tests/files/pf1027.ok

View Options

sbin/pfctl/tests/pfctl_test_list.inc

View Options

sys/netpfil/pf/pf.c

View Options

tests/sys/netpfil/pf/nat64.sh

pf: make reply-to work with nat647a372bded812Actions

Description

Details

Event Timeline

Changes (7)

rG7a372bded812

sbin/pfctl/parse.y

sbin/pfctl/pfctl_parser.c

sbin/pfctl/tests/files/pf1027.in

sbin/pfctl/tests/files/pf1027.ok

sbin/pfctl/tests/pfctl_test_list.inc

sys/netpfil/pf/pf.c

tests/sys/netpfil/pf/nat64.sh

pf: make reply-to work with nat64
7a372bded812
Actions