From: Alexandr Nedvedicky <sashan@fastmail.net>
Subject: Re: pf_route simplification, or pf_route vs pfsync
To: David Gwynne <david@gwynne.id.au>
Cc: Alexander Bluhm <alexander.bluhm@gmx.net>, tech@openbsd.org
Date: Sat, 13 Jul 2024 14:54:50 +0200

Hello,

On Thu, Jul 11, 2024 at 10:21:49PM +1000, David Gwynne wrote:
> On Tue, Jul 09, 2024 at 11:16:46AM +0200, Alexander Bluhm wrote:
> > regress sys/net/pf_forward shows that it breaks path MTU discovery
> > with pf route-to.
> 
> cool, thanks for trying it out.
> 
> > Unfortunately this regress test requires 4 machines and is hard to
> > set up.  But it covers a bunch of corner caes.
> 
> yes...
> 
> i had another look at the code and found that the pmtu stuff is
> handled by the caller of ip_output. when forwarding that's ip_forward,
> which does a route lookup which i hadn't updated to use the address
> from the mbuf tag pf sets. ip_forward fiddles with the route it
> found, which may be where this regression you found comes from.
> 
> i think i've addressed the stuff sashan@ pointed out too.

    yes, the updated diff looks good to me. I have no further
    questions/comments.

> 
> if you could have a look at this updated diff i'd appreciate it.
> if it still sucks i'll try setting up 4 machines.
> 

    This change is OK @sashan, but please give bluhm@ a chance
    to try out updated diff.

thanks and
regards
sashan