From owner-freebsd-pf@FreeBSD.ORG Mon May 2 21:41:56 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EB7016A4CF for ; Mon, 2 May 2005 21:41:56 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77E5C43D73 for ; Mon, 2 May 2005 21:41:55 +0000 (GMT) (envelope-from leccine@gmail.com) Received: by rproxy.gmail.com with SMTP id j1so953004rnf for ; Mon, 02 May 2005 14:41:55 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:x-accept-language:mime-version:to:subject:content-type:content-transfer-encoding; b=KGbhKYY22/vXq1CJO5BzsG1EwjJF55/wdTt6pBrbVZZkYbvuNYjE48HtF7IleoJKl+A12RJkjoEEfqkTjJgSPqYrnSftstWc33XUUOcVqa+We5/QVmqODxAkpJWZ8wLNmcIWEYNb1ETeu94DOI2ju54iLBAxodCeAlr3FAxUmVg= Received: by 10.38.11.53 with SMTP id 53mr5880794rnk; Mon, 02 May 2005 14:41:54 -0700 (PDT) Received: from ?192.168.0.2? ([80.99.193.37]) by mx.gmail.com with ESMTP id i1sm113310rne.2005.05.02.14.41.54; Mon, 02 May 2005 14:41:54 -0700 (PDT) Message-ID: <42769E9A.4060509@gmail.com> Date: Mon, 02 May 2005 23:41:46 +0200 From: =?ISO-8859-2?Q?Szuk=E1cs_Istv=E1n?= User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; hu-HU; rv:1.7.5) Gecko/20041217 X-Accept-Language: hu, en-us MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Subject: pf altq question X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 21:41:56 -0000 Hi! I have a little problem with the pf altq, ihave a freebsd GW at home. I use pf for nat and for packet filtering, very good and simple tool. machine1------- (litch) | |-------------fxp0 (GW)rl0----INTERNET machine2------- (zoli) The problem is that I run samba on the GW(listen only for the internal net), and if i define an 1500Kb/s queue (my dl speed) it is limit my samba access too not only packets from the internet, if i define 100Mb/s queue everything go in the default queue and i dont limit the traffic. Here is the config [23:23:40] itthon litch # uname -a FreeBSD itthon 5.3-RELEASE-p10 FreeBSD 5.3-RELEASE-p10 #5: Thu Apr 28 15:15:48 CEST 2005 cat /et/pf.conf ext_if = "rl0" int_if = "fxp0" lan_net = "192.168.0.0/24" litch = "192.168.0.2" #me zoli = "192.168.0.3" #my room mate altq on $int_if cbq bandwidth 100Mb queue { internal, litch_in, zoli_in } queue internal bandwidth 100Mb cbq(default) queue zoli_in bandwidth 750Kb cbq(borrow) queue litch_in bandwidth 750Kb cbq(borrow) nat on $ext_if from $lan_net to any -> ($ext_if) block all pass out quick on $int_if from 192.168.0.1 to any queue belso pass out quick on $int_if from !192.168.0.1 to $litch queue litch_in pass out quick on $int_if from !192.168.0.1 to $zoli queue zoli_in queue root_fxp0 bandwidth 100Mb priority 0 cbq( wrr root ) {belso, zoli_in, litch_in} [ pkts: 3891 bytes: 2718688 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 120.2 packets/s, 1.02Mb/s ] queue belso bandwidth 100Mb cbq( default ) [ pkts: 3891 bytes: 2718688 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 120.2 packets/s, 1.02Mb/s ] queue zoli_in bandwidth 750Kb cbq( borrow ) [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 0.0 packets/s, 0 b/s ] queue litch_in bandwidth 750Kb cbq( borrow ) [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 borrows: 0 suspends: 0 ] [ measured: 0.0 packets/s, 0 b/s ] When I check in the tcpdump i see this [23:38:22] itthon litch # tcpdump -i fxp0 |grep litch (litch.intra.net=192.168.0.2) 23:38:22.240368 IP litch.intra.net.2469 > yp.tilos.hu.8000: . ack 86079 win 63430 23:38:22.276290 IP yp.tilos.hu.8000 > litch.intra.net.2469: P 86079:86506(427) ack 1 win 5840 23:38:22.285881 IP yp.tilos.hu.8000 > litch.intra.net.2469: P 86506:86897(391) ack 1 win 5840 23:38:22.286408 IP litch.intra.net.2469 > yp.tilos.hu.8000: . ack 86897 win 64240 23:38:22.318423 IP yp.tilos.hu.8000 > litch.intra.net.2469: P 86897:87322(425) ack 1 win 5840 What can i do to match the packets in the queue? Thanks From owner-freebsd-pf@FreeBSD.ORG Mon May 2 23:02:10 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3EF6816A4CE for ; Mon, 2 May 2005 23:02:10 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id B868243D4C for ; Mon, 2 May 2005 23:02:09 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.155] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DSjvV-0008B1-00 for freebsd-pf@freebsd.org; Tue, 03 May 2005 01:02:09 +0200 Received: from [84.163.248.28] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1DSjvU-0007Mk-00 for freebsd-pf@freebsd.org; Tue, 03 May 2005 01:02:08 +0200 From: Max Laier To: freebsd-pf@freebsd.org Date: Tue, 3 May 2005 01:02:01 +0200 User-Agent: KMail/1.8 References: <200504200112.41260.max@love2party.net> <200504272024.41241.max@love2party.net> In-Reply-To: <200504272024.41241.max@love2party.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart21864930.6pLtz4YrSK"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505030102.06921.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 Subject: Last call: PF 3.7 - test reports X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 23:02:10 -0000 --nextPart21864930.6pLtz4YrSK Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline > On Wednesday 20 April 2005 01:12, I wrote: > > All, > > > > at: > > http://people.freebsd.org/~mlaier/pf37/ > > > > you will find the first shot at the long awaited import of a new version > > of pf. This is level with what is likely to be shipped as OpenBSD 3.7 > > and includes *most* of the features. I am going to commit this tomorrow during the day. If you found anything (= no=20 matter if you have proof or not) now is the time to scream. Otherwise will= =20 fix it once committed. Thanks to all who provided feedback already=20 especially to Scott for taking it out on pfsense. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart21864930.6pLtz4YrSK Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCdrFuXyyEoT62BG0RAuKVAJ0RuFPHgGkEtwhQS1MIpr+bO6ED9ACfVJZ4 Xii33TVfB6XCcvBf6FjiPHw= =t3Lr -----END PGP SIGNATURE----- --nextPart21864930.6pLtz4YrSK-- From owner-freebsd-pf@FreeBSD.ORG Tue May 3 13:21:48 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A50DE16A4CE for ; Tue, 3 May 2005 13:21:48 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.204]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17F6343D46 for ; Tue, 3 May 2005 13:21:48 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by rproxy.gmail.com with SMTP id a41so1074419rng for ; Tue, 03 May 2005 06:21:46 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=hPKfwKbRQUhLziUAp0GEy+cWrg/5PLPGPyRt/Qi5nnVIM1V/6sCfIA1QkLThYfLJdePuLQnG0APyd3EmlmhtHzeTKKd0DBosCBJiEGKUdKsjipMwYXFFgoJrySYjvzds+75uqJNuKwb0IJ6TXGfhIiRvzGZd0+ZDYEEPnkQcSts= Received: by 10.38.72.30 with SMTP id u30mr7439791rna; Tue, 03 May 2005 06:21:46 -0700 (PDT) Received: by 10.38.207.53 with HTTP; Tue, 3 May 2005 06:21:46 -0700 (PDT) Message-ID: Date: Tue, 3 May 2005 09:21:46 -0400 From: Scott Ullrich To: Max Laier In-Reply-To: <200505030102.06921.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <200504200112.41260.max@love2party.net> <200504272024.41241.max@love2party.net> <200505030102.06921.max@love2party.net> cc: freebsd-pf@freebsd.org Subject: Re: Last call: PF 3.7 - test reports X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Scott Ullrich List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2005 13:21:48 -0000 On 5/2/05, Max Laier wrote: > I am going to commit this tomorrow during the day. If you found anything= (no > matter if you have proof or not) now is the time to scream. Otherwise wi= ll > fix it once committed. Thanks to all who provided feedback already > especially to Scott for taking it out on pfsense. So far its been running good for us! Scott From owner-freebsd-pf@FreeBSD.ORG Tue May 3 17:54:29 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 075C716A4CE; Tue, 3 May 2005 17:54:29 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2077243D4C; Tue, 3 May 2005 17:54:28 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.209] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DT1b9-00048I-00; Tue, 03 May 2005 19:54:19 +0200 Received: from [84.163.248.28] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1DT1b9-0007wj-00; Tue, 03 May 2005 19:54:19 +0200 From: Max Laier To: freebsd-current@freebsd.org Date: Tue, 3 May 2005 19:54:07 +0200 User-Agent: KMail/1.8 References: <200505031604.21311.max@love2party.net> In-Reply-To: <200505031604.21311.max@love2party.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart7966022.gMle5gaqeY"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505031954.13739.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: freebsd-pf@freebsd.org Subject: HEADSUP: pf import [done] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 May 2005 17:54:29 -0000 --nextPart7966022.gMle5gaqeY Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline All, the import went through smoothly and you should be able to get it from a=20 cvs(up) server near you by now. Some general, random notes: 1) Anchor syntax changed | Users of authpf(8) must change their anchor rule in the main ruleset from= =20 | anchor authpf | to=20 | anchor "authpf/*" 2) pfsync takes syncdev instead of syncif: When configuring the pfsync devi= ce,=20 use 'syncdev' instead of the deprecated keyword 'syncif'.=20 3) authpf(8) needs a mounted fdescfs(5) 4) synproxy no longer works on outgoing rules (it never should have) 5) The code has been tested, but there is always a chance that some bugs=20 remain unfound. If you spot anything, please let me know. =46eatures that are in OpenBSD, but not yet in FreeBSD: =A0- Filtering on route labels (we don't have any). =A0- Return-rst on IP-less bridges (bridge support is still behind; There i= s=20 =A0 =A0work ongoing to improve this as well, though.). =A0- Congestion prevention/graceful comeback (subject to future work). New features (from the OpenBSD release announcements): =A0+ pfctl(8) now provides a rules optimizer to help improve filtering spee= d. =A0+ pf, now supports nested anchors. =A0+ Support limiting TCP connections by establishment rate, automatically= =20 =A0 =A0adding flooding IP addresses to tables and flushing states=20 =A0 =A0(max-src-conn-rate, overload , flush global). =A0+ Improved functionality of tags (tag and tagged for translation rules,= =20 =A0 =A0tagging of all packets matching state entries). =A0+ Improved diagnostics (error messages and additional counters from=20 =A0 =A0pfctl -si). =A0+ New keyword set skip on to skip filtering on arbitrary interfaces, lik= e=20 =A0 =A0loopback.=20 =A0+ Several bugfixes improving stability. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart7966022.gMle5gaqeY Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCd7rFXyyEoT62BG0RAtG4AJwKRRYofzlzjpaY7CSC5sEuwJ39eACfVqP6 XuZmvJGkimabGZqtx9jSgfs= =0r0a -----END PGP SIGNATURE----- --nextPart7966022.gMle5gaqeY-- From owner-freebsd-pf@FreeBSD.ORG Wed May 4 00:35:58 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53D8816A4CF for ; Wed, 4 May 2005 00:35:58 +0000 (GMT) Received: from smtp02.net-yan.com (smtp02.hgcbroadband.com [210.0.255.157]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F63743D5E for ; Wed, 4 May 2005 00:35:56 +0000 (GMT) (envelope-from sam.wun@tech-21.com.hk) Received: (qmail 52898 invoked from network); 4 May 2005 00:35:53 -0000 Received: from unknown (HELO [192.168.4.235]) (samwun@hgcbroadband.com@[221.126.243.95]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 4 May 2005 00:35:53 -0000 Message-ID: <427818E0.2070702@tech-21.com.hk> Date: Wed, 04 May 2005 08:35:44 +0800 From: sam User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 X-Accept-Language: en-us, en MIME-Version: 1.0 References: <200505031604.21311.max@love2party.net> <200505031954.13739.max@love2party.net> In-Reply-To: <200505031954.13739.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-current@freebsd.org cc: freebsd-pf@freebsd.org Subject: Re: HEADSUP: pf import [done] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 00:35:58 -0000 Max Laier wrote: >All, > >the import went through smoothly and you should be able to get it from a >cvs(up) server near you by now. Some general, random notes: > >1) Anchor syntax changed >| Users of authpf(8) must change their anchor rule in the main ruleset from >| anchor authpf >| to >| anchor "authpf/*" > >2) pfsync takes syncdev instead of syncif: When configuring the pfsync device, >use 'syncdev' instead of the deprecated keyword 'syncif'. >3) authpf(8) needs a mounted fdescfs(5) >4) synproxy no longer works on outgoing rules (it never should have) >5) The code has been tested, but there is always a chance that some bugs >remain unfound. If you spot anything, please let me know. > >Features that are in OpenBSD, but not yet in FreeBSD: > - Filtering on route labels (we don't have any). > - Return-rst on IP-less bridges (bridge support is still behind; There is > work ongoing to improve this as well, though.). > - Congestion prevention/graceful comeback (subject to future work). > >New features (from the OpenBSD release announcements): > + pfctl(8) now provides a rules optimizer to help improve filtering speed. > + pf, now supports nested anchors. > + Support limiting TCP connections by establishment rate, automatically > adding flooding IP addresses to tables and flushing states > (max-src-conn-rate, overload
, flush global). > + Improved functionality of tags (tag and tagged for translation rules, > tagging of all packets matching state entries). > + Improved diagnostics (error messages and additional counters from > pfctl -si). > + New keyword set skip on to skip filtering on arbitrary interfaces, like > loopback. > + Several bugfixes improving stability. > > > Is the new import included in 5.4 Release? Sam From owner-freebsd-pf@FreeBSD.ORG Wed May 4 00:48:02 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A84C216A4CE; Wed, 4 May 2005 00:48:02 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.176]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59ED643D73; Wed, 4 May 2005 00:48:02 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.162] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DT83V-0006Jl-00; Wed, 04 May 2005 02:48:01 +0200 Received: from [84.163.252.110] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1DT83U-0003VJ-00; Wed, 04 May 2005 02:48:01 +0200 From: Max Laier To: freebsd-current@freebsd.org Date: Wed, 4 May 2005 02:48:23 +0200 User-Agent: KMail/1.8 References: <200505031604.21311.max@love2party.net> <200505031954.13739.max@love2party.net> <427818E0.2070702@tech-21.com.hk> In-Reply-To: <427818E0.2070702@tech-21.com.hk> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4070643.Hjzg6TYpzi"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505040248.34607.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: sam cc: freebsd-pf@freebsd.org Subject: Re: HEADSUP: pf import [done] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 00:48:02 -0000 --nextPart4070643.Hjzg6TYpzi Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 04 May 2005 02:35, sam wrote: > Is the new import included in 5.4 Release? No it isn't and it will not be MFCed to RELENG_5. This import breaks API/A= BI=20 for both kernel and userland and thus is not allowed for MFC to a STABLE=20 branch. I will post patches to get it to RELENG_5 (the earlier patch[1] is just fin= e,=20 actually). [1] http://people.freebsd.org/~mlaier/pf37/pf37.20050429.tar.gz =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart4070643.Hjzg6TYpzi Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCeBviXyyEoT62BG0RAonBAJ0RGF3nwaz+FHIT3dIhs0iUAuYQvQCferB3 Ja94pkyGqQ0PjNlGNHXufTM= =Vg/r -----END PGP SIGNATURE----- --nextPart4070643.Hjzg6TYpzi-- From owner-freebsd-pf@FreeBSD.ORG Wed May 4 06:02:01 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 21D2716A4CE; Wed, 4 May 2005 06:02:01 +0000 (GMT) Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B6D143D55; Wed, 4 May 2005 06:02:00 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DTCx3-00083j-JH by authid ; Wed, 04 May 2005 09:01:41 +0300 Date: Wed, 4 May 2005 09:01:41 +0300 From: Odhiambo Washington To: freebsd-pf@freebsd.org, freebsd-current@freebsd.org Message-ID: <20050504060141.GC57356@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-pf@freebsd.org, freebsd-current@freebsd.org References: <200505031604.21311.max@love2party.net> <200505031954.13739.max@love2party.net> <427818E0.2070702@tech-21.com.hk> <200505040248.34607.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <200505040248.34607.max@love2party.net> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.9i Subject: Re: HEADSUP: pf import [done] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 06:02:01 -0000 * Max Laier [20050504 03:49]: wrote: > On Wednesday 04 May 2005 02:35, sam wrote: > > Is the new import included in 5.4 Release? >=20 > No it isn't and it will not be MFCed to RELENG_5. This import breaks API= /ABI=20 > for both kernel and userland and thus is not allowed for MFC to a STABLE= =20 > branch. >=20 > I will post patches to get it to RELENG_5 (the earlier patch[1] is just f= ine,=20 > actually). >=20 > [1] http://people.freebsd.org/~mlaier/pf37/pf37.20050429.tar.gz I am a being a bit dense... I run 5.4-STABLE (as in RELENG_5) via cvsup. I've downloaded the above patch and read the instructions and followed, but something is not clear. This is what I've done: mv /usr/src/contrib/pf /usr/src/contrib/pf.old mv /usr/src/sys/contrib/pf /usr/src/sys/contrib/pf.old cp -R contrib/pf/ /usr/src/contrib/pf cp -R sys/contrib/pf /usr/src/sys/contrib/pf cd /usr/src patch -p < ~wash/PROJECTS/PF/pf37.Makefiles.patch =2E.but the instructions say that I should Apply "pf37.*.patch". Where are the other Apply pf37.*.patch other than pf37.Makefiles.patch ?? Have I really done the right thing or have I missed something? TIA -Wash http://www.netmeister.org/news/learn2quote.html -- +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ It's a very *__=08=08UN*lucky week in which to be took dead. -- Churchy La Femme From owner-freebsd-pf@FreeBSD.ORG Wed May 4 12:21:59 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9479F16A4CE for ; Wed, 4 May 2005 12:21:59 +0000 (GMT) Received: from host130-93.pool8019.interbusiness.it (host130-93.pool8019.interbusiness.it [80.19.93.130]) by mx1.FreeBSD.org (Postfix) with SMTP id D198C43D6A for ; Wed, 4 May 2005 12:21:57 +0000 (GMT) (envelope-from pierguido.lambri@lugpiacenza.org) Message-ID: <4278C045.9050802@lugpiacenza.org> Date: Wed, 04 May 2005 14:29:57 +0200 From: pier MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Subject: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 12:21:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi all. I'm trying to apply the patch for pf3.7. It compile everything until comes to pfsync It gives me this error: cc -O -pipe -march=pentiumpro -DUSE_IF_MEDIA -DINET6 -DUSE_VLANS - -DUSE_IEEE80211 -DUSE_CARP -DUSE_MAC -DUSE_PFSYNC -DNS -Wall - -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wnested-externs -I.. - -DRESCUE -c /usr/src/sbin/ifconfig/ifpfsync.c /usr/src/sbin/ifconfig/ifpfsync.c:51: warning: no previous prototype for 'setpfsync_syncif' /usr/src/sbin/ifconfig/ifpfsync.c: In function `pfsync_status': /usr/src/sbin/ifconfig/ifpfsync.c:168: error: structure has no member named `pfsyncr_syncif' /usr/src/sbin/ifconfig/ifpfsync.c:170: error: structure has no member named `pfsyncr_syncif' *** Error code 1 Stop in /usr/src/sbin/ifconfig. *** Error code 1 Stop in /usr/obj/usr/src/rescue/rescue. *** Error code 1 Stop in /usr/src/rescue/rescue. *** Error code 1 Stop in /usr/src/rescue. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 I've already treid to remove everything and re-patch the source...but always the same error. My uname: FreeBSD free 5.4-STABLE-20050429-JPSNAP FreeBSD 5.4-STABLE-20050429-JPSNAP #3: Mon May 2 17:10:03 CEST 2005 pier@free:/usr/obj/usr/src/sys/WORK i386 What can i do? Pier - -- Un uomo saggio impara dall' esperienza. Un uomo ancora pił saggio impara dall'esperienza degli altri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCeMBE0EvuLV/O0yoRAleBAKD0r45xA5F1RBkRNyCVv8lHrkcwiwCgmYWD el0WnoeO3p19zn4D0fW4cD8= =WQiw -----END PGP SIGNATURE----- From owner-freebsd-pf@FreeBSD.ORG Wed May 4 13:26:54 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F11DE16A4CF for ; Wed, 4 May 2005 13:26:54 +0000 (GMT) Received: from host130-93.pool8019.interbusiness.it (host130-93.pool8019.interbusiness.it [80.19.93.130]) by mx1.FreeBSD.org (Postfix) with SMTP id 739A243D78 for ; Wed, 4 May 2005 13:26:53 +0000 (GMT) (envelope-from pierguido.lambri@lugpiacenza.org) Message-ID: <4278CF8F.3030105@lugpiacenza.org> Date: Wed, 04 May 2005 15:35:11 +0200 From: pier MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <4278C045.9050802@lugpiacenza.org> In-Reply-To: <4278C045.9050802@lugpiacenza.org> Content-Type: multipart/mixed; boundary="------------050106000005050708050209" X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 13:26:55 -0000 This is a multi-part message in MIME format. --------------050106000005050708050209 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 pier wrote: > hi all. > I'm trying to apply the patch for pf3.7. > It compile everything until comes to pfsync > It gives me this error: > > > cc -O -pipe -march=pentiumpro -DUSE_IF_MEDIA -DINET6 -DUSE_VLANS > -DUSE_IEEE80211 -DUSE_CARP -DUSE_MAC -DUSE_PFSYNC -DNS -Wall > -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wnested-externs -I.. [...] Now i'm noticed these rejects: Patching file ifpfsync.c using Plan A... Hunk #1 succeeded at 35. Hunk #2 failed at 46. Hunk #3 succeeded at 60 (offset -5 lines). Hunk #4 succeeded at 78 (offset -5 lines). Hunk #5 failed at 168. 2 out of 5 hunks failed--saving rejects to ifpfsync.c.rej done Patching file ifpfsync.c using Plan A... Reversed (or previously applied) patch detected! Assume -R? [y] y Hunk #1 succeeded at 35. Hunk #2 failed at 45. Hunk #3 succeeded at 55. Hunk #4 succeeded at 72. Hunk #5 failed at 109. 2 out of 5 hunks failed--saving rejects to ifpfsync.c.rej done I attach also the two rejects files Thanx Pier - -- Un uomo saggio impara dall' esperienza. Un uomo ancora pił saggio impara dall'esperienza degli altri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCeM+P0EvuLV/O0yoRAtcRAKDpm/yOQDPIKzyGIpsewV6wYsp/ZgCg1BB6 BB74QWofHYwLE6qu4Wx9JRA= =obqz -----END PGP SIGNATURE----- --------------050106000005050708050209 Content-Type: text/plain; name="ifpfsync.c.rej.orig" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ifpfsync.c.rej.orig" *************** *** 44,56 **** #include "ifconfig.h" - void setpfsync_syncif(const char *, int, int, const struct afswtch *rafp); - void unsetpfsync_syncif(const char *, int, int, const struct afswtch *rafp); - void setpfsync_maxupd(const char *, int, int, const struct afswtch *rafp); void pfsync_status(int); void - setpfsync_syncif(const char *val, int d, int s, const struct afswtch *rafp) { struct pfsyncreq preq; --- 46,61 ---- #include "ifconfig.h" + void setpfsync_syncdev(const char *, int, int, const struct afswtch *); + void unsetpfsync_syncdev(const char *, int, int, const struct afswtch *); + void setpfsync_syncpeer(const char *, int, int, const struct afswtch *); + void unsetpfsync_syncpeer(const char *, int, int, const struct afswtch *); + void setpfsync_syncpeer(const char *, int, int, const struct afswtch *); + void setpfsync_maxupd(const char *, int, int, const struct afswtch *); void pfsync_status(int); void + setpfsync_syncdev(const char *val, int d, int s, const struct afswtch *rafp) { struct pfsyncreq preq; *************** *** 109,124 **** if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) return; - if (preq.pfsyncr_syncif[0] != '\0') { - printf("\tpfsync: syncif: %s maxupd: %d\n", - preq.pfsyncr_syncif, preq.pfsyncr_maxupdates); } } static struct cmd pfsync_cmds[] = { - DEF_CMD_ARG("syncif", setpfsync_syncif), - DEF_CMD_ARG("maxupd", setpfsync_maxupd), - DEF_CMD("-syncif", 1, unsetpfsync_syncif), }; static struct afswtch af_pfsync = { .af_name = "af_pfsync", --- 168,190 ---- if (ioctl(s, SIOCGETPFSYNC, (caddr_t)&ifr) == -1) return; + if (preq.pfsyncr_syncdev[0] != '\0') { + printf("\tpfsync: syncdev: %s ", preq.pfsyncr_syncdev); + if (preq.pfsyncr_syncpeer.s_addr != INADDR_PFSYNC_GROUP) + printf("syncpeer: %s ", + inet_ntoa(preq.pfsyncr_syncpeer)); + printf("maxupd: %d\n", preq.pfsyncr_maxupdates); } } static struct cmd pfsync_cmds[] = { + DEF_CMD_ARG("syncdev", setpfsync_syncdev), + DEF_CMD("-syncdev", 1, unsetpfsync_syncdev), + DEF_CMD_ARG("syncif", setpfsync_syncdev), + DEF_CMD("-syncif", 1, unsetpfsync_syncdev), + DEF_CMD_ARG("syncpeer", setpfsync_syncpeer), + DEF_CMD("-syncpeer", 1, unsetpfsync_syncpeer), + DEF_CMD_ARG("maxupd", setpfsync_maxupd) }; static struct afswtch af_pfsync = { .af_name = "af_pfsync", --------------050106000005050708050209-- From owner-freebsd-pf@FreeBSD.ORG Wed May 4 13:31:50 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6E62716A4D0 for ; Wed, 4 May 2005 13:31:50 +0000 (GMT) Received: from smtp02.net-yan.com (smtp02.hgcbroadband.com [210.0.255.157]) by mx1.FreeBSD.org (Postfix) with ESMTP id A270F43D1D for ; Wed, 4 May 2005 13:31:48 +0000 (GMT) (envelope-from sam.wun@tech-21.com.hk) Received: (qmail 56810 invoked from network); 4 May 2005 13:31:26 -0000 Received: from unknown (HELO [10.1.184.15]) (samwun@hgcbroadband.com@[221.127.170.22]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 4 May 2005 13:31:26 -0000 Message-ID: <4278CEA4.2030609@tech-21.com.hk> Date: Wed, 04 May 2005 21:31:16 +0800 From: sam User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-pf@freebsd.org, freebsd-current@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: PF blocking Pass rules X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 13:31:50 -0000 Hi, I don't know what happened, I just setup an internal LAN firewall using PF (v3.6). The PF firewall has defaultrouter setup to the external firewall (facing the internet). All my PCs have default gateway setup to the PF firewall. When I start downloading an iso file from some wetsite, the first 13% was fine, then PF firewall suddenly start blocking the traffic from my PC to the external website where I am downloading the file. After a while (about 6 minutes), my download resumed, and stop for 5 mintues, then resumed.... Here are the running rules loaded into the memory in the PF firewall: root@intgw2:/usr/local/etc# pfctl -sr block drop in log all pass quick on xl0 proto pfsync all pass in on fxp0 inet proto carp from 10.1.254.250 to any keep state pass in on fxp1 inet proto carp from 10.3.254.250 to any keep state pass in on fxp0 inet proto tcp from 10.1.0.0/16 to any flags S/SA keep state pass in on fxp0 proto tcp from any to any port 13:156 flags S/SA keep state pass in on fxp0 proto tcp from any to any port 1024:60000 flags S/SA keep state pass in on fxp0 proto udp from any to any port 1024:60000 keep state pass in on fxp0 inet proto udp from 10.1.0.0/16 to any keep state pass in on fxp0 inet proto tcp from any to 255.255.255.255 keep state pass in on fxp0 inet proto udp from any to 255.255.255.255 keep state pass in on fxp0 inet proto tcp from any to 10.1.255.255 keep state pass in on fxp0 inet proto udp from any to 10.1.255.255 keep state pass in on fxp1 proto udp from any to any port 13:156 keep state pass in on fxp1 proto udp from any to any port 1024:60000 keep state pass in on fxp1 inet proto tcp from any to 255.255.255.255 keep state pass in on fxp1 inet proto udp from any to 255.255.255.255 keep state pass in on fxp1 inet proto tcp from any to 10.3.255.255 keep state pass in on fxp1 inet proto udp from any to 10.3.255.255 keep state pass out quick on fxp0 all keep state pass out quick on fxp1 all keep state Some of the block evens are logged as followed: .... 000017 rule 0/0(match): block in on fxp0: IP 10.1.184.15.4156 > 195.141.40.21.80: F 0:0(0) ack 1 win 64800 300869 rule 0/0(match): block in on fxp0: IP 10.1.184.15.4154 > 195.141.40.21.80: F 0:0(0) ack 1 win 64800 100417 rule 0/0(match): block in on fxp0: IP 10.1.184.15.4153 > 195.141.40.21.80: F 0:0(0) ack 1 win 64800 200569 rule 0/0(match): block in on fxp0: IP 10.1.184.15.4152 > 195.141.14.21.80: F 0:0(0) ack 1 win 64800 .... How can I change the PF rule to fix this problem? Thanks Sam. From owner-freebsd-pf@FreeBSD.ORG Wed May 4 14:53:14 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF81116A4CE for ; Wed, 4 May 2005 14:53:14 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 61B3543D6A for ; Wed, 4 May 2005 14:53:14 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.205] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DTLEz-0008E4-00; Wed, 04 May 2005 16:52:45 +0200 Received: from [84.163.252.110] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1DTLEz-00020p-00; Wed, 04 May 2005 16:52:46 +0200 From: Max Laier To: freebsd-pf@freebsd.org Date: Wed, 4 May 2005 16:52:36 +0200 User-Agent: KMail/1.8 References: <4278C045.9050802@lugpiacenza.org> <4278CF8F.3030105@lugpiacenza.org> In-Reply-To: <4278CF8F.3030105@lugpiacenza.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1441527.RFkpRZWTeU"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505041652.43999.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: pier Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 14:53:14 -0000 --nextPart1441527.RFkpRZWTeU Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 04 May 2005 15:35, pier wrote: > pier wrote: > > hi all. > > I'm trying to apply the patch for pf3.7. > > It compile everything until comes to pfsync > > It gives me this error: > > > > > > cc -O -pipe -march=3Dpentiumpro -DUSE_IF_MEDIA -DINET6 -DUSE_VLANS > > -DUSE_IEEE80211 -DUSE_CARP -DUSE_MAC -DUSE_PFSYNC -DNS -Wall > > -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wnested-externs -I.. > > [...] > Now i'm noticed these rejects: > > Patching file ifpfsync.c using Plan A... > Hunk #1 succeeded at 35. > Hunk #2 failed at 46. > Hunk #3 succeeded at 60 (offset -5 lines). > Hunk #4 succeeded at 78 (offset -5 lines). > Hunk #5 failed at 168. > 2 out of 5 hunks failed--saving rejects to ifpfsync.c.rej > done You are using the wrong ifconfig patch. Use pf37.ifconfig_RELENG_5.diff=20 *only* =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1441527.RFkpRZWTeU Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCeOG7XyyEoT62BG0RAtGzAJ9vFwYSfpHgGte609YU1wCDWLx1nwCfU3H7 K5d37gTxt7Lj0JLfjvNDn7c= =eTs3 -----END PGP SIGNATURE----- --nextPart1441527.RFkpRZWTeU-- From owner-freebsd-pf@FreeBSD.ORG Wed May 4 16:15:21 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A102516A4CE for ; Wed, 4 May 2005 16:15:21 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 13DA943D95 for ; Wed, 4 May 2005 16:15:21 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by rproxy.gmail.com with SMTP id a41so191148rng for ; Wed, 04 May 2005 09:14:09 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=eEdH+hx9lBbkpEZD5S4Y7itSZbdyy1EZzJ0/JnP9OqFPm39cOOQCqqwCDR2I0X4YTWWb5WvhZOaoYZzukY/hQnETggUivyv/JdyE+2W5X9I1+vlfGkqNB8NUkPI00NoHkzCB05BrMa2MwgkNb4pdAAq5D5FhnsAUnRe+rbsDpdI= Received: by 10.38.86.11 with SMTP id j11mr1294587rnb; Wed, 04 May 2005 09:14:09 -0700 (PDT) Received: by 10.38.207.53 with HTTP; Wed, 4 May 2005 09:14:09 -0700 (PDT) Message-ID: Date: Wed, 4 May 2005 12:14:09 -0400 From: Scott Ullrich To: freebsd-pf@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: PFTop X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Scott Ullrich List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 16:15:21 -0000 Hello All! I'm running pftop on pfSense but since we imported 3.7 there have been some structure changes that prevent me from recompiling pftop. Is there a fix for this somehow? Thanks in advance! Scott From owner-freebsd-pf@FreeBSD.ORG Wed May 4 16:37:28 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8826916A4CE for ; Wed, 4 May 2005 16:37:28 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 35A6243D7B for ; Wed, 4 May 2005 16:37:28 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by rproxy.gmail.com with SMTP id a41so195706rng for ; Wed, 04 May 2005 09:36:35 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=PIx9EGDdb3g6+xUqnQ2mavtKXr+GtI0kpM25J/wDClHmq011o4sUcTuglk2z5530586ptE5QEKWyVn36opXfWF52YqAPTA0ZF37096o9N543qjwPCVGLnM2eV/dIDjjVRRKQRvCY5gcQ0kcI8+TFA5t79uYNUzxGMHG92jLLXF0= Received: by 10.38.6.75 with SMTP id 75mr1320890rnf; Wed, 04 May 2005 09:36:34 -0700 (PDT) Received: by 10.38.207.53 with HTTP; Wed, 4 May 2005 09:36:34 -0700 (PDT) Message-ID: Date: Wed, 4 May 2005 12:36:34 -0400 From: Scott Ullrich To: Max Laier In-Reply-To: <200505041835.26531.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <200505041835.26531.max@love2party.net> cc: freebsd-pf@freebsd.org Subject: Re: PFTop X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Scott Ullrich List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 16:37:28 -0000 On 5/4/05, Max Laier wrote: > Edwin Brown has submitted a patch earlier. I'll update the port shortly. > However, pftop is a bit outdated. Could you try to contact the original > author to see if he has plans to update it to a newer OpenBSD? Thanks, sure will! Scott From owner-freebsd-pf@FreeBSD.ORG Wed May 4 19:49:12 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 20D9516A4CE for ; Wed, 4 May 2005 19:49:12 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 734DF43D54 for ; Wed, 4 May 2005 19:49:11 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DTMqO-0001VM-00; Wed, 04 May 2005 18:35:28 +0200 Received: from [84.163.252.110] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1DTMqO-0001Jk-00; Wed, 04 May 2005 18:35:28 +0200 From: Max Laier To: freebsd-pf@freebsd.org, Scott Ullrich Date: Wed, 4 May 2005 18:35:20 +0200 User-Agent: KMail/1.8 References: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1605316.OT1IY14JJf"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505041835.26531.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 Subject: Re: PFTop X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 19:49:12 -0000 --nextPart1605316.OT1IY14JJf Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Wednesday 04 May 2005 18:14, Scott Ullrich wrote: > Hello All! > > I'm running pftop on pfSense but since we imported 3.7 there have been > some structure changes that prevent me from recompiling pftop. Is > there a fix for this somehow? > > Thanks in advance! Edwin Brown has submitted a patch earlier. I'll update the port shortly. = =20 However, pftop is a bit outdated. Could you try to contact the original=20 author to see if he has plans to update it to a newer OpenBSD? =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1605316.OT1IY14JJf Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCePnOXyyEoT62BG0RArVeAJ9g85L+/jJTdTe2pCs+ikde3t0BCwCfaLeF DiYdZP+UIfh8kjoAWEyvotI= =DId5 -----END PGP SIGNATURE----- --nextPart1605316.OT1IY14JJf-- From owner-freebsd-pf@FreeBSD.ORG Wed May 4 21:18:24 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DAC2916A4CE for ; Wed, 4 May 2005 21:18:24 +0000 (GMT) Received: from ns2.wananchi.com (mail.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id CE5FF43D73 for ; Wed, 4 May 2005 21:18:23 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DTRFF-0007t7-Es by authid for ; Thu, 05 May 2005 00:17:25 +0300 Date: Thu, 5 May 2005 00:17:25 +0300 From: Odhiambo Washington To: freebsd-pf@freebsd.org Message-ID: <20050504211725.GA23370@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-pf@freebsd.org References: <4278C045.9050802@lugpiacenza.org> <4278CF8F.3030105@lugpiacenza.org> <200505041652.43999.max@love2party.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200505041652.43999.max@love2party.net> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.9i Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 21:18:25 -0000 * Max Laier [20050504 17:53]: wrote: > On Wednesday 04 May 2005 15:35, pier wrote: > > pier wrote: > > > hi all. > > > I'm trying to apply the patch for pf3.7. > > > It compile everything until comes to pfsync > > > It gives me this error: > > > > > > > > > cc -O -pipe -march=pentiumpro -DUSE_IF_MEDIA -DINET6 -DUSE_VLANS > > > -DUSE_IEEE80211 -DUSE_CARP -DUSE_MAC -DUSE_PFSYNC -DNS -Wall > > > -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wnested-externs -I.. > > > > [...] > > Now i'm noticed these rejects: > > > > Patching file ifpfsync.c using Plan A... > > Hunk #1 succeeded at 35. > > Hunk #2 failed at 46. > > Hunk #3 succeeded at 60 (offset -5 lines). > > Hunk #4 succeeded at 78 (offset -5 lines). > > Hunk #5 failed at 168. > > 2 out of 5 hunks failed--saving rejects to ifpfsync.c.rej > > done > > You are using the wrong ifconfig patch. Use pf37.ifconfig_RELENG_5.diff > *only* This has also answered my question! Max, may you kindly update the patching instructions, please? -Wash http://www.netmeister.org/news/learn2quote.html -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ A tautology is a thing which is tautological. From owner-freebsd-pf@FreeBSD.ORG Thu May 5 05:45:21 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 41A7F16A4CE for ; Thu, 5 May 2005 05:45:21 +0000 (GMT) Received: from host130-93.pool8019.interbusiness.it (host130-93.pool8019.interbusiness.it [80.19.93.130]) by mx1.FreeBSD.org (Postfix) with SMTP id 3F91743D94 for ; Thu, 5 May 2005 05:45:20 +0000 (GMT) (envelope-from pierguido.lambri@lugpiacenza.org) Message-ID: <4279B4F0.3060107@lugpiacenza.org> Date: Thu, 05 May 2005 07:53:52 +0200 From: pier MIME-Version: 1.0 Cc: freebsd-pf@freebsd.org References: <4278C045.9050802@lugpiacenza.org> <4278CF8F.3030105@lugpiacenza.org> <200505041652.43999.max@love2party.net> In-Reply-To: <200505041652.43999.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 05:45:21 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Max Laier wrote: > You are using the wrong ifconfig patch. Use pf37.ifconfig_RELENG_5.diff > *only* Thank you...that worked...but now i have another problem: ===> sbin/pfctl yacc -o parse.c /usr/src/sbin/pfctl/../../contrib/pf/pfctl/parse.y make: don't know how to make pfctl_optimize.c. Stop *** Error code 2 Stop in /usr/src/sbin. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. Pier - -- Un uomo saggio impara dall' esperienza. Un uomo ancora pił saggio impara dall'esperienza degli altri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCebTw0EvuLV/O0yoRAl0QAJ97yQ/jN1VHxrjL2LZBYTGtKSh8jQCeOOAN xF1RdYJVnnLu4dNcHXn6b6U= =3Cce -----END PGP SIGNATURE----- From owner-freebsd-pf@FreeBSD.ORG Thu May 5 14:38:48 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5501D16A4CE for ; Thu, 5 May 2005 14:38:48 +0000 (GMT) Received: from smtp02.net-yan.com (smtp02.hgcbroadband.com [210.0.255.157]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84FFF43D77 for ; Thu, 5 May 2005 14:38:47 +0000 (GMT) (envelope-from sam.wun@authtec.com) Received: (qmail 17917 invoked from network); 5 May 2005 14:38:44 -0000 Received: from unknown (HELO [10.1.1.1]) (samwun@hgcbroadband.com@[221.127.170.22]) (envelope-sender ) by localhost (qmail-ldap-1.03) with SMTP for ; 5 May 2005 14:38:44 -0000 Message-ID: <427A2FE9.2030104@authtec.com> Date: Thu, 05 May 2005 22:38:33 +0800 From: sam wun User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Where is CARP log file? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 14:38:48 -0000 Hi, As I remmebed a while ago I looked at CARP log file and indicated that both HA gateway switched between each other when I pulled out the cable. But know I couldn't find this log file. Can anyone please tell me where PF CARP log file is? Thanks Sam From owner-freebsd-pf@FreeBSD.ORG Thu May 5 14:53:03 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00BB616A4CE for ; Thu, 5 May 2005 14:53:03 +0000 (GMT) Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B70A43DA1 for ; Thu, 5 May 2005 14:53:02 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DThii-000EGl-NW by authid for ; Thu, 05 May 2005 17:52:56 +0300 Date: Thu, 5 May 2005 17:52:56 +0300 From: Odhiambo Washington To: freebsd-pf@freebsd.org Message-ID: <20050505145256.GH53958@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-pf@freebsd.org References: <4278C045.9050802@lugpiacenza.org> <4278CF8F.3030105@lugpiacenza.org> <200505041652.43999.max@love2party.net> <4279B4F0.3060107@lugpiacenza.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4279B4F0.3060107@lugpiacenza.org> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.9i Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 14:53:03 -0000 * pier [20050505 08:45]: wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Max Laier wrote: > > You are using the wrong ifconfig patch. Use pf37.ifconfig_RELENG_5.diff > > *only* > Thank you...that worked...but now i have another problem: > > ===> sbin/pfctl > yacc -o parse.c /usr/src/sbin/pfctl/../../contrib/pf/pfctl/parse.y > make: don't know how to make pfctl_optimize.c. Stop > *** Error code 2 > > Stop in /usr/src/sbin. > *** Error code 1 > > Stop in /usr/src. > *** Error code 1 > > Stop in /usr/src. > *** Error code 1 > > Stop in /usr/src. Hi Pier, I managed to patch and compile successfully on 5.4-STABLE. I may be able to send you the details when I get home. My home PC is inaccessible at the moment. I think there is power blackout there ;) -Wash http://www.netmeister.org/news/learn2quote.html -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ A language that doesn't affect the way you think about programming is not worth knowing. From owner-freebsd-pf@FreeBSD.ORG Thu May 5 15:12:53 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0625216A4CE for ; Thu, 5 May 2005 15:12:53 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D35B43D60 for ; Thu, 5 May 2005 15:12:52 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.209] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1DTi1w-0004d6-00; Thu, 05 May 2005 17:12:48 +0200 Received: from [84.163.230.71] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1DTi1w-0003yK-00; Thu, 05 May 2005 17:12:48 +0200 From: Max Laier To: freebsd-pf@freebsd.org Date: Thu, 5 May 2005 17:12:56 +0200 User-Agent: KMail/1.8 References: <427A2FE9.2030104@authtec.com> In-Reply-To: <427A2FE9.2030104@authtec.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1337972.UlfaGJhuAP"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505051713.04531.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: sam wun Subject: Re: Where is CARP log file? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 15:12:53 -0000 --nextPart1337972.UlfaGJhuAP Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 05 May 2005 16:38, sam wun wrote: > As I remmebed a while ago I looked at CARP log file and indicated that > both HA gateway switched between each other when I pulled out the cable. > > But know I couldn't find this log file. > > Can anyone please tell me where PF CARP log file is? There is no such thing as a CARP log file. However, you might find $dmesg = =2Da=20 to be informative enough. In addition you can look at the net/ifstated por= t=20 which can assist you in creating a real log file. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1337972.UlfaGJhuAP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCejgAXyyEoT62BG0RAhLsAJ9mXrEtyn2za+RWP8OEe+HTypaqlgCeOEww T9DPwUZdXV/uedBdL/+i+Q8= =Of2/ -----END PGP SIGNATURE----- --nextPart1337972.UlfaGJhuAP-- From owner-freebsd-pf@FreeBSD.ORG Thu May 5 15:15:01 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06E0016A4CE for ; Thu, 5 May 2005 15:15:01 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3AF2843D5D for ; Thu, 5 May 2005 15:15:00 +0000 (GMT) (envelope-from max@love2party.net) Received: from p54A3E647.dip.t-dialin.net[84.163.230.71] (helo=donor.laier.local) by mrelayeu.kundenserver.de with ESMTP (Nemesis), id 0MKwh2-1DTi40266y-0003Z3; Thu, 05 May 2005 17:14:56 +0200 From: Max Laier To: freebsd-pf@freebsd.org Date: Thu, 5 May 2005 17:15:01 +0200 User-Agent: KMail/1.8 References: <4278C045.9050802@lugpiacenza.org> <200505041652.43999.max@love2party.net> <4279B4F0.3060107@lugpiacenza.org> In-Reply-To: <4279B4F0.3060107@lugpiacenza.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1174681.ESpPddTZmg"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200505051715.12352.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de login:61c499deaeeba3ba5be80f48ecc83056 cc: pier Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 15:15:01 -0000 --nextPart1174681.ESpPddTZmg Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 05 May 2005 07:53, pier wrote: > Max Laier wrote: > > You are using the wrong ifconfig patch. Use pf37.ifconfig_RELENG_5.diff > > *only* > > Thank you...that worked...but now i have another problem: > > =3D=3D=3D> sbin/pfctl > yacc -o parse.c /usr/src/sbin/pfctl/../../contrib/pf/pfctl/parse.y > make: don't know how to make pfctl_optimize.c. Stop > *** Error code 2 You need to pull src/sys/contrib/pf and src/contrib/pf to HEAD, of course. = =20 This is already troublesome as Andre committed a change that breaks compat,= =20 but I will look into fixing this. Till then you can just use the files fro= m=20 the tarball. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1174681.ESpPddTZmg Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBCejiAXyyEoT62BG0RAg3bAJ93ESCrFQT7dfO3vcymz9qzQv04sQCbBuOh rCfhATvo6a803DNRp0pqnMk= =N59G -----END PGP SIGNATURE----- --nextPart1174681.ESpPddTZmg-- From owner-freebsd-pf@FreeBSD.ORG Thu May 5 15:27:05 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F369E16A4CE for ; Thu, 5 May 2005 15:27:04 +0000 (GMT) Received: from host130-93.pool8019.interbusiness.it (host130-93.pool8019.interbusiness.it [80.19.93.130]) by mx1.FreeBSD.org (Postfix) with SMTP id 502BD43D90 for ; Thu, 5 May 2005 15:27:03 +0000 (GMT) (envelope-from pierguido.lambri@lugpiacenza.org) Message-ID: <427A3D43.1060805@lugpiacenza.org> Date: Thu, 05 May 2005 17:35:31 +0200 From: pier MIME-Version: 1.0 Cc: freebsd-pf@freebsd.org References: <4278C045.9050802@lugpiacenza.org> <200505041652.43999.max@love2party.net> <4279B4F0.3060107@lugpiacenza.org> <200505051715.12352.max@love2party.net> In-Reply-To: <200505051715.12352.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Subject: Re: Pf patch X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 15:27:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Max Laier wrote: > You need to pull src/sys/contrib/pf and src/contrib/pf to HEAD, of course. > This is already troublesome as Andre committed a change that breaks compat, > but I will look into fixing this. Till then you can just use the files from > the tarball. ok...today i refresh my src...apply the patches and recompile. Everything went fine. Till now no problem...i still didn't use any new option, just -o from pfctl. Thank you to everybody Pier - -- Un uomo saggio impara dall' esperienza. Un uomo ancora pił saggio impara dall'esperienza degli altri -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCej1C0EvuLV/O0yoRAsO0AKD0nEbH8/OHC2ZwzjJfEjDCJe6tkQCg40QQ bCQJPc+WK3xuTaxP2LLgCKw= =TgdZ -----END PGP SIGNATURE----- From owner-freebsd-pf@FreeBSD.ORG Thu May 5 17:11:58 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4731F16A4CE for ; Thu, 5 May 2005 17:11:58 +0000 (GMT) Received: from mail.secureworks.net (mail.secureworks.net [209.101.212.155]) by mx1.FreeBSD.org (Postfix) with SMTP id 8B56443DB4 for ; Thu, 5 May 2005 17:11:57 +0000 (GMT) (envelope-from mdg@secureworks.net) Received: (qmail 87423 invoked from network); 5 May 2005 17:11:52 -0000 Received: from unknown (HELO ?192.168.29.82?) (63.239.86.253) by mail.secureworks.net with SMTP; 5 May 2005 17:11:52 -0000 Message-ID: <427A5401.3020808@secureworks.net> Date: Thu, 05 May 2005 13:12:33 -0400 From: Matthew George User-Agent: Mozilla Thunderbird 0.9 (X11/20041117) X-Accept-Language: en-us, en MIME-Version: 1.0 To: pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: net/ifstated update X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 17:11:58 -0000 I just filed a PR (ports/80667) to bring ifstated in line with the latest OpenBSD sources. The only really visible changes should be those dealing with the config file grammar. From their cvs commit message: Simplify the ifstated syntax: "carp0 link up" => carp0.link.up "and" => && "or" => || * Allow one line actions after if statements without braces. * Remove unecessary parentheses in the example config. The example config reflects these changes ... let me know if you have any problems with it once it's committed. -- Matthew George SecureWorks From owner-freebsd-pf@FreeBSD.ORG Fri May 6 19:02:55 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3633B16A4D9 for ; Fri, 6 May 2005 19:02:55 +0000 (GMT) Received: from mailhost.u-strasbg.fr (mailhost.u-strasbg.fr [130.79.200.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C50043DA1 for ; Fri, 6 May 2005 19:02:54 +0000 (GMT) (envelope-from Philippe.Pegon@crc.u-strasbg.fr) Received: from sokaris.u-strasbg.fr (sokaris.u-strasbg.fr [IPv6:2001:660:2402::101])id j46J2rpN094143 for ; Fri, 6 May 2005 21:02:53 +0200 (CEST) Received: from [127.0.0.1] (crc.u-strasbg.fr [IPv6:2001:660:2402:1001::1]) j46J2qtt053761 for ; Fri, 6 May 2005 21:02:52 +0200 (CEST) Message-ID: <427BBF5A.9090407@crc.u-strasbg.fr> Date: Fri, 06 May 2005 21:02:50 +0200 From: Philippe PEGON User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050326) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.6 (mailhost.u-strasbg.fr [IPv6:2001:660:2402::153]); Fri, 06 May 2005 21:02:53 +0200 (CEST) X-Antivirus: scanned by sophos at u-strasbg.fr Subject: carp with vlan X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 May 2005 19:02:55 -0000 Hi, I've seen a mail in freebsd-pf list about the support of vlan with carp and em cards : http://lists.freebsd.org/pipermail/freebsd-net/2005-April/006997.html Is there any plan to support carp on vlan in FreeBSD 5 and to merge these patch ? thanks -- Philippe PEGON From owner-freebsd-pf@FreeBSD.ORG Fri May 6 19:06:34 2005 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A733916A4D4 for ; Fri, 6 May 2005 19:06:34 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1439C43D92 for ; Fri, 6 May 2005 19:06:34 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by rproxy.gmail.com with SMTP id a41so543973rng for ; Fri, 06 May 2005 12:06:33 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=jW0oX9LIcWSS5bZaEW9Tig/GN+fa9KRQq+WTP7vnxp5NqatQmML0jr93+XNMPkjljWU3G4Il3VwgmHvBVkDniJnnVfuGGL2mA5qRPjyNmTBSszO8DnlJx+fEGHdrIcK85bKUgzUW78coaQTZPryyQ58VSUluI+j0ejxcfq7niyk= Received: by 10.38.10.53 with SMTP id 53mr171480rnj; Fri, 06 May 2005 12:06:33 -0700 (PDT) Received: by 10.38.207.53 with HTTP; Fri, 6 May 2005 12:06:33 -0700 (PDT) Message-ID: Date: Fri, 6 May 2005 15:06:33 -0400 From: Scott Ullrich To: Philippe PEGON In-Reply-To: <427BBF5A.9090407@crc.u-strasbg.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <427BBF5A.9090407@crc.u-strasbg.fr> cc: freebsd-pf@freebsd.org Subject: Re: carp with vlan X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Scott Ullrich List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 May 2005 19:06:34 -0000 On 5/6/05, Philippe PEGON wrote: > Hi, >=20 > I've seen a mail in freebsd-pf list about the support of vlan with carp > and em cards : >=20 > http://lists.freebsd.org/pipermail/freebsd-net/2005-April/006997.html >=20 > Is there any plan to support carp on vlan in FreeBSD 5 and to merge these > patch ? This would be a great patch to get into the tree as we have a number of users that use the ALTQ / VLAN patch on pfSense. And when I forget to add it back inbetween rebuilding, they always let me know promptly :) Scott PS: I have an updated patch for 5.4 located at http://www.pfsense.com/downloads/patches/altq-vlan-patch.diff