[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: -current PF routing



On Mon, Nov 25, 2002 at 02:47:54PM +0100, Ed White wrote:
> reading http://www.openbsd.org/plus.html I found:
> 
> "When routing via pf(4), use the outgoing interface as decided by the normal
> routing code, not the interface to which the rule applies."
Looking at cvsweb for www/plus.html, this sentence was added with
r1.847. I guess it refers to sys/net/pf.c r1.246:
Revision 1.246 / Fri Oct 4 17:45:55 2002 UTC by ish 
Branch: MAIN 
Changes since 1.245: +11 -9 lines
[to the right branch this time]
To detect routing loops use the actual outgoing interface and not the
interface that the rule is to apply to (as there may not be one).
- noticed by [email protected]
- ok [email protected], [email protected]
This commit only fixed a deficiency in the loop detection for pf_route()
(which prevents you from creating an endless loop using multiple
route-to rules). It doesn't change any semantics for valid setups.
There have been no significant changes to route-to semantics since 3.2
at all.
Daniel