On Thu, Jan 28, 2021 at 09:57:33AM +1000, David Gwynne wrote:
> calling if_output with a route to a local IP is confusing, and I'm not
> sure it makes sense anyway.
>
> this treats a an RTF_LOCAL route like an invalid round and drops the
> packet.
>
> ok?
Are you sure that it does not break any use case? I have seen so
much strange stuff. What is the advantage?
bluhm
> Index: pf.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1104
> diff -u -p -r1.1104 pf.c
> --- pf.c 27 Jan 2021 23:53:35 -0000 1.1104
> +++ pf.c 27 Jan 2021 23:55:49 -0000
> @@ -6054,7 +6054,7 @@ pf_route(struct pf_pdesc *pd, struct pf_
> }
>
> rt = rtalloc(sintosa(dst), RT_RESOLVE, rtableid);
> - if (!rtisvalid(rt)) {
> + if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) {
> if (r->rt != PF_DUPTO) {
> pf_send_icmp(m0, ICMP_UNREACH, ICMP_UNREACH_HOST,
> 0, pd->af, s->rule.ptr, pd->rdomain);
> @@ -6213,7 +6213,7 @@ pf_route6(struct pf_pdesc *pd, struct pf
> if (IN6_IS_SCOPE_EMBED(&dst->sin6_addr))
> dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
> rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid);
> - if (!rtisvalid(rt)) {
> + if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) {
> if (r->rt != PF_DUPTO) {
> pf_send_icmp(m0, ICMP6_DST_UNREACH,
> ICMP6_DST_UNREACH_NOROUTE, 0,
