Kristof Provost 9925aee0aa pf: carry over rule actions from route-to rules ... If we route-to (or dup-to/reply-to) we re-run pf_test(), which will also create states for the connection. This means that we may end up matching a different (i.e. not the state that was created by the route-to rule) state, without the attributes (such as dummynet pipes/queues) set by the route-to rule. Address this by inheriting the pf_rule_actions from the route-to rule while evaluating the connection again in pf_test(). That is, we set default pf_rule_actions based on the route-to rule for the new evaluation. The new rule may still overrule these, but if it does not have such actions the route-to actions are applied. Do the same for IPv6 rules in pf_test6()/pf_route6(). See also: https://redmine.pfsense.org/issues/14039 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D40340		2023-06-02 16:05:30 +02:00
..
ipfilter/netinet	pfil: add pfil_mem_{in,out}() and retire pfil_run_hooks()	2023-02-14 10:02:49 -08:00
ipfw	spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD	2023-05-12 10:44:03 -06:00
pf	pf: carry over rule actions from route-to rules	2023-06-02 16:05:30 +02:00