author | 2019-07-02 09:04:53 +0000 | |
---|---|---|
committer | 2019-07-02 09:04:53 +0000 | |
commit | b4470a7bf787a11ce971643e7df7f69db5a3d1ba (patch) | |
tree | a1fcd4d457008826dbb1063cd8a9a84dbd931cbc | |
parent | Use IPL_TTY for locks used as arguments to spin_lock_irq() and (diff) | |
When source address tracking record is used for "route-to", the next
hop interface configured with "route-to" was not used. Keep the
interface within the pf_src_node and use it when the record is used.
OK sashan
-rw-r--r-- | sys/net/pf.c | 7 | ||||
-rw-r--r-- | sys/net/pf_lb.c | 9 | ||||
-rw-r--r-- | sys/net/pfvar.h | 4 |
3 files changed, 13 insertions, 7 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index bba58fed2d8..d40aacea574 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.1082 2019/07/01 12:13:51 yasuoka Exp $ */
+/* $OpenBSD: pf.c,v 1.1083 2019/07/02 09:04:53 yasuoka Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -542,7 +542,7 @@ pf_src_connlimit(struct pf_state **state)
 int
 pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule,
 enum pf_sn_types type, sa_family_t af, struct pf_addr *src,
- struct pf_addr *raddr)
+ struct pf_addr *raddr, struct pfi_kif *kif)
 {
 struct pf_src_node k;
@@ -586,6 +586,7 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule,
 }
 (*sn)->creation = time_uptime;
 (*sn)->rule.ptr->src_nodes++;
+ (*sn)->kif = kif;
 pf_status.scounters[SCNT_SRC_NODE_INSERT]++;
 pf_status.src_nodes++;
 } else {
@@ -3881,7 +3882,7 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm,
 if (r->rule_flag & PFRULE_SRCTRACK &&
 pf_insert_src_node(&ctx.sns[PF_SN_NONE], r, PF_SN_NONE,
- pd->af, pd->src, NULL) != 0) {
+ pd->af, pd->src, NULL, NULL) != 0) {
 REASON_SET(&ctx.reason, PFRES_SRCLIMIT);
 goto cleanup;
 }
diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c
index 174d5a721b7..255046e9446 100644
--- a/sys/net/pf_lb.c
+++ b/sys/net/pf_lb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_lb.c,v 1.63 2018/12/10 16:48:15 kn Exp $ */
+/* $OpenBSD: pf_lb.c,v 1.64 2019/07/02 09:04:53 yasuoka Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -329,6 +329,10 @@ pf_map_addr_sticky(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
 pf_print_host(naddr, 0, af);
 addlog("\n");
 }
+
+ if (sns[type]->kif != NULL)
+ rpool->kif = sns[type]->kif;
+
 return (0);
 }
@@ -618,7 +622,8 @@ pf_map_addr(sa_family_t af, struct pf_rule *r, struct pf_addr *saddr,
 pf_remove_src_node(sns[type]);
 sns[type] = NULL;
 }
- if (pf_insert_src_node(&sns[type], r, type, af, saddr, naddr))
+ if (pf_insert_src_node(&sns[type], r, type, af, saddr, naddr,
+ rpool->kif))
 return (1);
 }
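Review bot: `(*sn)->kif = kif;` in the `@@ -586` hunk of sys/net/pf.c stores a bare `struct pfi_kif *` in the source node, and nothing visible in this commit takes a reference on the interface object for the node's lifetime. A source-tracking record can outlive the packet that created it, so unless something outside the hunk pins the kif (the rule owning the pool may do so, which should be confirmed), `pf_map_addr_sticky()` could later read a stale pointer in kernel context. I would pair the store with pf's existing kif reference counting, roughly `if (kif != NULL) pfi_kif_ref(kif, <source-node ref kind>);`, and release it in `pf_remove_src_node()`. The pointer originates from the `rpool->kif` argument added in the pf_lb.c `@@ -618` hunk, so the same lifetime question applies there. The body of pf_insert_src_node starts and ends outside the hunk.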
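Review bot: The added `if (sns[type]->kif != NULL) rpool->kif = sns[type]->kif;` in the pf_lb.c `@@ -329` hunk writes into the rule's pool, which appears to be shared by every packet matching the rule rather than being per-packet state. When the matching source node has a NULL kif the branch is skipped and `rpool->kif` keeps whatever an earlier lookup left there, so a sticky address could end up paired with an interface selected for a different source; whether callers reset the field is not visible here. I would add a comment such as `/* reuse the next-hop interface recorded with this source node; rpool->kif is shared pool state */` and make the NULL case an explicit decision. pf_map_addr_sticky begins outside the hunk, so it cannot be confirmed from here that `sns[type]` is already known to be non-NULL at this point.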
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index 8f074821d28..d524f6eb2aa 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfvar.h,v 1.490 2019/02/18 13:11:44 bluhm Exp $ */
+/* $OpenBSD: pfvar.h,v 1.491 2019/07/02 09:04:53 yasuoka Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -1712,7 +1712,7 @@ extern int pf_state_insert(struct pfi_kif *,
 int pf_insert_src_node(struct pf_src_node **,
 struct pf_rule *, enum pf_sn_types,
 sa_family_t, struct pf_addr *,
- struct pf_addr *);
+ struct pf_addr *, struct pfi_kif *);
 void pf_remove_src_node(struct pf_src_node *);
 struct pf_src_node *pf_get_src_node(struct pf_state *,
 enum pf_sn_types);
|