From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 223208] [pf] pf.conf syntax (:peer) rules load incorrectly
Date: Sun, 12 Nov 2017 02:32:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223208

Kristof Provost changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress

--- Comment #8 from Kristof Provost ---
(In reply to Kristof Provost from comment #7)

I still don't fully understand why this happens only if the tun0 interface has
an IPv6 address assigned, but this fixes it.

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c index a47dfd04103..d9abd9a0610 100644 --- a/sbin/pfctl/pfctl_parser.c +++ b/sbin/pfctl/pfctl_parser.c 
@@ -1392,6 +1396,7 @@ ifa_lookup(const char *ifa_name, int flags) set_ipmask(n, 128); } n->ifindex =3D p->ifindex; + n->ifname =3D strdup(p->ifname); n->next =3D NULL; n->tail =3D n;

--
You are receiving this mail because:
You are the assignee for the bug.
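Review bot: The added line n->ifname = strdup(p->ifname); in ifa_lookup() uses the strdup() result without a NULL check, so an allocation failure would silently leave the entry without an interface name; check the return value and fail with an error instead. Each node_host now also owns a heap copy of the name, so the code that frees these entries needs to free ifname as well. The hunk header's new-side offset (+1396 against -1392) shows four added lines earlier in the file that this excerpt does not include; those should be posted with the patch.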
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 223208] [pf] pf.conf syntax (:peer) rules load incorrectly
Date: Tue, 14 Nov 2017 07:59:29 +0000

--- Comment #9 from Felix Z. ---
(In reply to Kristof Provost from comment #8)

Thanks!
It is interesting: what is the root of the problem?
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 223208] [pf] pf.conf syntax (:peer) rules load incorrectly
Date: Tue, 14 Nov 2017 08:05:19 +0000

--- Comment #10 from Kristof Provost ---
(In reply to Felix Z. from comment #9)

As I said, I still don't fully understand the problem.
I suspect this actually papers over the issue rather than fully fixing it. The
pfctl code is ... complex, and I'm going to need more time to work this out.
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 223208] [pf] pf.conf syntax (:peer) rules load incorrectly
Date: Tue, 14 Nov 2017 08:36:55 +0000

--- Comment #11 from Kristof Provost ---
(In reply to Kristof Provost from comment #10)

Can you try this one instead?

diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 5652845d419..64015c7894b 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y 
@@ -4390,8 +4390,11 @@ route_host : STRING { $$->tail =3D $$; } | '(' STRING host ')' { + struct node_host *n; + $$ =3D $3; - $$->ifname =3D $2; + for (n =3D $3; n !=3D NULL; n =3D n->next) + n->ifname =3D strdup($2); } ;

The route_host parsing code set the interface name, but only for the first
node_host in the list. If that one happened to be the inet6 address (given an
inet rule) it'd get removed by remove_invalid_hosts() later on, and we'd have
no interface name.
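Review bot: In the '(' STRING host ')' action, the loop body n->ifname = strdup($2); never checks the strdup() result, and $2 itself is no longer stored anywhere. The removed line $$->ifname = $2; handed the token's string to the host entry, whereas the new code only copies it, so the original string is left without an owner in the visible lines. Check each strdup() for NULL and free($2) after the loop, or give $2 to the first entry and duplicate it only for the remaining ones.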
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 223208] [pf] pf.conf syntax (:peer) rules load incorrectly
Date: Tue, 14 Nov 2017 13:38:56 +0000

--- Comment #12 from Felix Z. ---
(In reply to Kristof Provost from comment #11)

Thank you very much! Everything works perfectly.
My investigation has ended around the parser.y, because I badly understand his
work. But it was very interesting to me.
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 223208] [pf] pf.conf syntax (:peer) rules load incorrectly
Date: Wed, 15 Nov 2017 12:27:24 +0000

--- Comment #13 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kp
Date: Wed Nov 15 12:27:02 UTC 2017
New revision: 325850
URL: https://svnweb.freebsd.org/changeset/base/325850

Log:
  pfctl: teach route-to to deal with interfaces with multiple addresses

  The route_host parsing code set the interface name, but only for the first
  node_host in the list. If that one happened to be the inet6 address and the
  rule wanted an inet address it'd get removed by remove_invalid_hosts() later
  on, and we'd have no interface name.

  We must set the interface name for all node_host entries in the list, not
  just the first one.
  PR:           223208
  MFC after:    2 weeks

Changes:
  head/sbin/pfctl/parse.y
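A reduced model of the failure described in the commit log above, added here as an illustration; it is not pfctl code and not part of the thread. The struct layout, the helper names and the order of the two addresses are assumptions, and drop_other_af() stands in for remove_invalid_hosts().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { FAM_INET, FAM_INET6 };   /* stand-ins for AF_INET / AF_INET6 */

struct node_host {              /* hypothetical model, not the pfctl struct */
    int af;
    char *ifname;
    struct node_host *next;
};

static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy == NULL)
        abort();
    memcpy(copy, s, len);
    return copy;
}

static struct node_host *host_new(int af, struct node_host *next)
{
    struct node_host *n = calloc(1, sizeof(*n));
    if (n == NULL)
        abort();
    n->af = af;
    n->next = next;
    return n;
}

/* Behaviour before the fix: only the first entry gets the interface name. */
static void tag_head_only(struct node_host *h, const char *ifname)
{
    if (h != NULL)
        h->ifname = dup_str(ifname);
}

/* Behaviour after the fix: every entry gets its own copy. */
static void tag_all(struct node_host *h, const char *ifname)
{
    for (; h != NULL; h = h->next)
        h->ifname = dup_str(ifname);
}

/* Stand-in for remove_invalid_hosts(): keep only entries of the rule's family. */
static struct node_host *drop_other_af(struct node_host *h, int af)
{
    struct node_host *head = NULL, **tail = &head, *next;
    for (; h != NULL; h = next) {
        next = h->next;
        if (h->af == af) {
            h->next = NULL;
            *tail = h;
            tail = &h->next;
        } else {
            free(h->ifname);
            free(h);
        }
    }
    return head;
}

/* Returns 1 if the host left for an inet rule still names its interface. */
static int survivor_has_ifname(int tag_every_entry)
{
    /* Constructed input: tun0 yields its inet6 address first, then inet. */
    struct node_host *list = host_new(FAM_INET6, host_new(FAM_INET, NULL));
    if (tag_every_entry)
        tag_all(list, "tun0");
    else
        tag_head_only(list, "tun0");
    list = drop_other_af(list, FAM_INET);
    int ok = list != NULL && list->ifname != NULL && strcmp(list->ifname, "tun0") == 0;
    drop_other_af(list, -1);    /* no family is -1, so this frees what is left */
    return ok;
}

int main(void)
{
    printf("head only:   ifname kept = %d\n", survivor_has_ifname(0));
    printf("all entries: ifname kept = %d\n", survivor_has_ifname(1));
    return 0;
}
```

When checking a ruleset for this class of problem, compare what was written in pf.conf with what pfctl reports as loaded, on an interface that carries both address families.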
Date: Sat, 18 Nov 2017 12:20:27 +1100 (EST)
From: Dave Horsfall
To: FreeBSD PF List
Subject: Why is PF rejecting these connections?

I have PF (FreeBSD 10.4) configured to drop suspicious packets e.g. those claiming to be ACKs for non-existent connections etc, but I'm seeing some weirdness in the logs. Now, I sort of inherited the configuration and don't fully understand each directive, but if it works for someone I trust, well...

Anyway, here are some sample log entries:

    23:15:37.755870 IP host90-45-237-212.serverdedicati.aruba.it.34944 > aneurin.kfu.smtp: Flags [S], seq 4161201091, win 14600, options [mss 1460,sackOK,TS[|tcp]>
    23:15:40.755278 IP host90-45-237-212.serverdedicati.aruba.it.34944 > aneurin.kfu.smtp: Flags [S], seq 4161201091, win 14600, options [mss 1460,sackOK,TS[|tcp]>
    [...]
    23:52:02.768939 IP rdns1.mailinfo.ga.43128 > aneurin.kfu.smtp: Flags [S], seq 1022514539, win 14600, options [mss 1460,sackOK,TS[|tcp]>
    23:52:18.768869 IP rdns1.mailinfo.ga.43128 > aneurin.kfu.smtp: Flags [S], seq 1022514539, win 14600, options [mss 1460,sackOK,TS[|tcp]>

Etc; the common theme appears to be those options whose purpose I don't quite grok, but are presumably legal in this context.

The relevant lines from my pf.conf seem to be:

    set block-policy drop
    set loginterface egress
    #set ruleset-optimization basic
    scrub in
    block all
    pass out quick all keep state
    antispoof log quick for $ext_if inet
    [ Sundry pass/block rules ]

So, why is PF complaining about those packets? The finer points of TCP options notwithstanding, they seem OK to me...

Remember: I inherited most of the configuration file, so I don't necessarily understand it.

Thanks.

--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."

From: "Kristof Provost"
To: "Dave Horsfall"
Cc: "FreeBSD PF List"
Subject: Re: Why is PF rejecting these connections?
Date: Sat, 18 Nov 2017 11:13:33 +0100
Message-ID: <80FABA34-F562-4158-B083-E1488345F249@sigsegv.be>

On 18 Nov 2017, at 2:20, Dave Horsfall wrote:

> I have PF (FreeBSD 10.4) configured to drop suspicious packets e.g.
> those claiming to be ACKs for non-existent connections etc, but I'm
> seeing some weirdness in the logs. Now, I sort of inherited the
> configuration and don't fully understand each directive, but if it
> works for someone I trust, well...
>
> Anyway, here are some sample log entries:
>
>     23:15:37.755870 IP host90-45-237-212.serverdedicati.aruba.it.34944 >
> aneurin.kfu.smtp: Flags [S], seq 4161201091, win 14600, options [mss
> 1460,sackOK,TS[|tcp]>
>     23:15:40.755278 IP host90-45-237-212.serverdedicati.aruba.it.34944 >
> aneurin.kfu.smtp: Flags [S], seq 4161201091, win 14600, options [mss
> 1460,sackOK,TS[|tcp]>
>     [...]
>     23:52:02.768939 IP rdns1.mailinfo.ga.43128 > aneurin.kfu.smtp:
> Flags [S], seq 1022514539, win 14600, options [mss
> 1460,sackOK,TS[|tcp]>
>     23:52:18.768869 IP rdns1.mailinfo.ga.43128 > aneurin.kfu.smtp:
> Flags [S], seq 1022514539, win 14600, options [mss
> 1460,sackOK,TS[|tcp]>
>

Can you post a full pcap capture? It’s very hard to figure things out from a text summary of a packet.
Where and how were these logged? How do you know they’re being dropped?

> Etc; the common theme appears to be those options whose purpose I
> don't quite grok, but are presumably legal in this context.
>
> The relevant lines from my pf.conf seem to be:
>
>     set block-policy drop
>     set loginterface egress
>     #set ruleset-optimization basic
>     scrub in
>     block all
>     pass out quick all keep state
>     antispoof log quick for $ext_if inet
>     [ Sundry pass/block rules ]
>

Are these incoming or outgoing packets?
I really can’t tell what’s going on from your report.

Regards,
Kristof