Index | Thread | Search

From:
Alexandr Nedvedicky <sashan@fastmail.net>
Subject:
'pfctl -K' patch from Olivier Croquin
To:
tech@openbsd.org
Cc:
Olivier Croquin <ocroquin@gmail.com>
Date:
Thu, 1 Feb 2024 01:07:59 +0100

Download raw body.

Thread 
Hello,

the same patch below has been sent by Olivier Croquin to bugs [1]
few days ago. The change makes sense. any one interested to
give it OK?

the change fixes a copy'n'paste typo.

If I understand things right one might need to run command below:

    pfctl -K 192.168.1.10 -K 185.91.168.27

to destroy 'sticky' mappings for 192.168.1.10 created by nat-to/rdr-to
rule. This is the only place where we call pf_insert_src_node() with
both addresses (src, dst) set (snippet comes from pf_lb.c):

653         if (rpool->opts & PF_POOL_STICKYADDR) {
654                 if (sns[type] != NULL) {
655                         pf_remove_src_node(sns[type]);
656                         sns[type] = NULL;
657                 }
658                 if (pf_insert_src_node(&sns[type], r, type, af, saddr, naddr,
659                     rpool->kif))
660                         return (1);
661         }

thanks and
regards
sashan

[1] https://marc.info/?l=openbsd-bugs&m=170654976310890&w=2
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index ece39d2105c..e81dd7c06d1 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -514,7 +514,7 @@ pfctl_kill_src_nodes(int dev, int opts)

 				dests++;

-				copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr,
+				copy_satopfaddr(&psnk.psnk_dst.addr.v.a.addr,
 				    resp[1]->ai_addr);

 				if (ioctl(dev, DIOCKILLSRCNODES, &psnk) == -1)