Re: kern/53199: stateful npf

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,prlw1%cam.ac.uk@localhost
Subject: Re: kern/53199: stateful npf
From: Patrick Welche <prlw1%cam.ac.uk@localhost>
Date: Fri, 11 May 2018 15:30:01 +0000 (UTC)

The following reply was made to PR kern/53199; it has been noted by GNATS.

From: Patrick Welche <prlw1%cam.ac.uk@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/53199: stateful npf
Date: Fri, 11 May 2018 16:28:25 +0100

 On Thu, May 10, 2018 at 10:35:01AM +0000, Patrick Welche wrote:
 >  >  Now it looks like a routing issue: "working" were all on a local network.
 >  >  I probably didn't think that through properly.

 I have the default route pointing to the internal interface. With npf,
 the webserver's reply gets the default route applied to it, so doesn't
 go through the external interface's rule, which contains the keep state
 rule.

 I just checked with ipf, and the reply from the webserver DOES go out
 of the external interface despite the default route pointing to the
 internal interface, so everything works as expected.

 Is this diffence in behaviour intended?

Prev by Date: PR/53267 CVS commit: src/sys/arch/xen/xen
Next by Date: port-sparc/53277: Many ubsan tests fail on sparc
Previous by Thread: Re: kern/53199: stateful npf
Next by Thread: Re: kern/53199: stateful npf
Indexes:

Home | Main Index | Thread Index | Old Index