On Mon, Feb 05, 2024 at 09:19:20PM +0000, Kristof Provost wrote: K> The branch main has been updated by kp: K> K> URL: https://cgit.FreeBSD.org/src/commit/?id=6d4a140acfdf637bb559d371c583e4db478e1549 K> K> commit 6d4a140acfdf637bb559d371c583e4db478e1549 K> Author: Igor Ostapenko <p...@igoro.pro> K> AuthorDate: 2024-02-05 16:22:31 +0000 K> Commit: Kristof Provost <k...@freebsd.org> K> CommitDate: 2024-02-05 21:18:11 +0000
The author should be Kajetan :( I guess you were working on several reviews at a time and had name in paste buffer. :( K> pf: Ensure that st->kif is obtained in a way which respects the r->rpool->mtx mutex K> K> The redirection pool stored in r->rpool.cur is used for loadbalancing K> and cur can change whenever loadbalancing happens, which is for every K> new connection. Therefore it can't be trusted outside of pf_map_addr() K> and the r->rpool->mtx mutex. After evaluating the ruleset, loadbalancing K> decission is made in pf_map_addr() called from within pf_create_state() K> and stored in the state itself. K> K> This patch modifies BOUND_IFACE() so that it only uses the information K> already stored in the state which has been obtained in a way which K> respects the r->rpool->mtx mutex. K> K> Reviewed by: kp K> Differential Revision: https://reviews.freebsd.org/D43741 -- Gleb Smirnoff