On Thu, Jan 28, 2021 at 09:57:33AM +1000, David Gwynne wrote:
> calling if_output with a route to a local IP is confusing, and I'm not
> sure it makes sense anyway.
>
> this treats an RTF_LOCAL route like an invalid route and drops the
> packet.
>
> ok?

Are you sure that it does not break any use case? I have seen so much strange stuff. What is the advantage? bluhm > Index: pf.c > =================================================================== > RCS file: /cvs/src/sys/net/pf.c,v > retrieving revision 1.1104 > diff -u -p -r1.1104 pf.c > --- pf.c 27 Jan 2021 23:53:35 -0000 1.1104 > +++ pf.c 27 Jan 2021 23:55:49 -0000 > @@ -6054,7 +6054,7 @@ pf_route(struct pf_pdesc *pd, struct pf_ > } > > rt = rtalloc(sintosa(dst), RT_RESOLVE, rtableid); > - if (!rtisvalid(rt)) { > + if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) { > if (r->rt != PF_DUPTO) { > pf_send_icmp(m0, ICMP_UNREACH, ICMP_UNREACH_HOST, > 0, pd->af, s->rule.ptr, pd->rdomain); > @@ -6213,7 +6213,7 @@ pf_route6(struct pf_pdesc *pd, struct pf > if (IN6_IS_SCOPE_EMBED(&dst->sin6_addr)) > dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index); > rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid); > - if (!rtisvalid(rt)) { > + if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) { > if (r->rt != PF_DUPTO) { > pf_send_icmp(m0, ICMP6_DST_UNREACH, > ICMP6_DST_UNREACH_NOROUTE, 0,
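
Review bot: in the pf_route() hunk, the new `ISSET(rt->rt_flags, RTF_LOCAL)` test shares the failure branch with `!rtisvalid(rt)`, so for every rule type except PF_DUPTO a route-to target that resolves to a local address now triggers `pf_send_icmp(m0, ICMP_UNREACH, ICMP_UNREACH_HOST, ...)` rather than only a drop. The description says the packet is dropped and does not mention the ICMP error. If a silent drop is wanted for the local case, give it its own branch; if the error is wanted, state that in the commit message and add a one-line comment above the test saying why a local route is rejected here.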
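
Review bot: in the pf_route6() hunk, a valid route flagged RTF_LOCAL now answers with ICMP6_DST_UNREACH_NOROUTE, which reports "no route" to the sender although rtalloc() returned a usable entry; consider whether a different unreachable code, or no ICMP at all, describes this case better. The `rt->rt_flags` dereference is only reached when `!rtisvalid(rt)` is false, so it depends on rtisvalid() rejecting a NULL `rt`; a short comment noting that ordering would keep a later reshuffle of the condition from introducing a NULL dereference. The same applies to the matching line in pf_route().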