CVSROOT: /cvs
Module name: src
Changes by: sas...@cvs.openbsd.org 2023/05/10 16:42:51
Modified files:
sys/net : pf_lb.c pfvar_priv.h
Log message:
nat-to may fail to insert state due to conflict on chosen source
port number. This is typically indicated by 'wire key attach failed on...'
message when pf(4) debugging is enabled. The problem is caused by
glitch in pf_get_sport() which fails to discover conflict in advance.
In order to fix it we must also calculate toeplitz hash in
pf_get_sport() to initialize look up key properly.
the bug has been kindly reported by joosepm _von_ gmail _dot_ com
OK dlg@
