artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 84624cb) | patch
handle "once" rules before letting pfsync defer tx of a packet.
authordlg <dlg@openbsd.org>
Thu, 28 Jan 2021 09:37:20 +0000 (09:37 +0000)
committerdlg <dlg@openbsd.org>
Thu, 28 Jan 2021 09:37:20 +0000 (09:37 +0000)
commit008d8c136577862aacffffbf6c5dc2e7a22998ff
treec005bfad670093ee1f9178b60c763f9d6db7a176tree | snapshot
parent84624cb151fe5a1b15f1facdb0896bc6f88f3359commit | diff
handle "once" rules before letting pfsync defer tx of a packet.

pfsync may want to defer the transmission of a packet. it does this so
it can try and get a state over to a peer firewall before a host may
send a reply to the peer, which would get dropped cos there's no
matching state.

i think the once rule processing should happen before that. the state
is created from the rule, whether the packet the state is for goes out
immediately or not shouldn't matter.

ok sashan@
sys/net/pf.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim