CalvinBackup/ctrld
1
0
Fork 0
mirror of https://github.com/Control-D-Inc/ctrld.git synced 2026-04-20 00:36:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

docs: port IPv6 learnings and comment fixes to master

Browse Source 
- Update comment in ensurePFAnchorReference: pfctl -sn returns
  rdr-anchor only (nat-anchor not used by ctrld)
- Update nat-anchor table entry in pf-dns-intercept.md
- Add pf nuances 10-16 from investigation: cross-AF redirect,
  block return, sendmsg EINVAL, nat-on-lo0, raw sockets, DIOCNATLOOK,
  and the pragmatic IPv6 block solution
This commit is contained in:
Codescribe
2026-04-01 06:59:09 -04:00
committed by Cuong Manh Le
parent a430372bab
commit 3548947ef0
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/cli/dns_intercept_darwin.go
+1 -1
View File
@@ -310,7 +310,7 @@ func (p *prog) startDNSIntercept() error {
// options → normalization (scrub) → queueing → translation (nat/rdr) → filtering (pass/block/anchor)
//
// "pfctl -sr" returns BOTH scrub-anchor (normalization) AND anchor/pass/block (filter) rules.
// "pfctl -sn" returns nat-anchor AND rdr-anchor (translation) rules.
// "pfctl -sn" returns rdr-anchor (translation) rules.
// Both commands emit "No ALTQ support in kernel" warnings on stderr.
//
// We must reassemble in correct order: scrub → nat/rdr → filter.