Hello,
</snip>
> ----------------------------
> revision 1.294
> date: 2003/01/02 01:56:56; author: dhartmei; state: Exp; lines: +27 -49;
> When route-to/reply-to is used in combination with address translation,
> pf_test() may be called twice for the same packet. In this case, make
> sure the translation is only applied in the second call. This solves
> the problem with state insert failures where the second pf_test() call
> tried to insert another state entry after the first call's translation.
> ok henning@, mcbride@, thanks to Joe Nall for additional testing.
> ----------------------------
>
> I have tested your diffs in my setup, they all pass. I have not
> tested the scenario mentioned in the commit message. Note that the
> address translation implementation in 2003 was different from what
> we have now. And sasha@'s analysis shows that the current code is
> wrong in other use cases.
>
I've completely forgot there was a change in NAT. Therefore I could
not understand the commit message.
</snip>
>
> The only way to find out is to commit it. It reduces comlexity that
> noone understands.
>
> OK bluhm@ to remove the check
>
> Please leave the "if (pd->kif->pfik_ifp != ifp)" around pf_test()
> in pf_route() as it is for now.
I agree with bluhm@ here. we should proceed with small steps in such
case and let things to settle down before making next move.
thanks and
regards
sashan
