On Thu, Jan 28, 2021 at 08:09:36PM +0100, Alexander Bluhm wrote:
> On Thu, Jan 28, 2021 at 09:57:33AM +1000, David Gwynne wrote:
> > calling if_output with a route to a local IP is confusing, and I'm not
> > sure it makes sense anyway.
> >
> > this treats an RTF_LOCAL route like an invalid route and drops the
> > packet.
> >
> > ok?
>
> Are you sure that it does not break any use case? I have seen so
> much strange stuff. What is the advantage?

The current behaviour is lucky at best, and quirky at worst. Usually I would agree with you that breaking stuff isn't great, even if it's wrong, but while I'm changing how route-to etc works I think it's a good chance to clean up some of these edge cases. > > bluhm > > > Index: pf.c > > =================================================================== > > RCS file: /cvs/src/sys/net/pf.c,v > > retrieving revision 1.1104 > > diff -u -p -r1.1104 pf.c > > --- pf.c 27 Jan 2021 23:53:35 -0000 1.1104 > > +++ pf.c 27 Jan 2021 23:55:49 -0000 > > @@ -6054,7 +6054,7 @@ pf_route(struct pf_pdesc *pd, struct pf_ > > } > > > > rt = rtalloc(sintosa(dst), RT_RESOLVE, rtableid); > > - if (!rtisvalid(rt)) { > > + if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) { > > if (r->rt != PF_DUPTO) { > > pf_send_icmp(m0, ICMP_UNREACH, ICMP_UNREACH_HOST, > > 0, pd->af, s->rule.ptr, pd->rdomain); > > @@ -6213,7 +6213,7 @@ pf_route6(struct pf_pdesc *pd, struct pf > > if (IN6_IS_SCOPE_EMBED(&dst->sin6_addr)) > > dst->sin6_addr.s6_addr16[1] = htons(ifp->if_index); > > rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid); > > - if (!rtisvalid(rt)) { > > + if (!rtisvalid(rt) || ISSET(rt->rt_flags, RTF_LOCAL)) { > > if (r->rt != PF_DUPTO) { > > pf_send_icmp(m0, ICMP6_DST_UNREACH, > > ICMP6_DST_UNREACH_NOROUTE, 0,
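
Review bot: In pf_route(), the new ISSET(rt->rt_flags, RTF_LOCAL) test shares the branch with !rtisvalid(rt), so for any rule other than PF_DUPTO the sender receives ICMP_UNREACH_HOST for an address that is configured on this machine. If a silent drop is what is intended for the local case, give it its own branch; either way a one-line comment saying why a local route is refused here would help the next reader. Also, in the new case rt is a valid route returned by rtalloc(), so confirm that the drop path (not visible in this hunk) releases it.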
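
Review bot: In pf_route6(), the RTF_LOCAL case now answers with ICMP6_DST_UNREACH_NOROUTE, which tells the sender there is no route when the lookup succeeded and found a local one. Consider handling the local case separately from the !rtisvalid(rt) case so the error code matches the reason for the drop, and note the behaviour change for route-to targets that are local addresses in the documentation, given the question in this thread about existing use cases.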