From owner-freebsd-pf@freebsd.org Sun Jun 24 11:56:11 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6EBEA102616C for ; Sun, 24 Jun 2018 11:56:11 +0000 (UTC) (envelope-from srs0=3krg=jk=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F1438862EF for ; Sun, 24 Jun 2018 11:56:10 +0000 (UTC) (envelope-from srs0=3krg=jk=sigsegv.be=kristof@codepro.be) Received: from [172.28.128.1] (ptr-8rgnodwrj12pcmwyzc4.18120a2.ip6.access.telenet.be [IPv6:2a02:1811:240b:b802:dd73:751e:97d6:1f64]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 3A75041C0B; Sun, 24 Jun 2018 13:56:08 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1529841368; bh=tFupqswaf7rVccBHlYA4jw3UkT7ZXEtwG74WwndDKII=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=tTkexWSedtRP2ya5+vuEJlS2VHPEcz9gw5WBBmC04ttgnwGWgyxr9FeG7LuajBwEY JbwWqE0E3Goog4EK1qdZXn5szmshkfz7URRnR3XHPfbH5jE673quHQU63SS3hTDXLS s4ORWKEnNfBDEwD6XvFsbD2M6qkOW2ZiqQzbK40M= From: "Kristof Provost" To: "Marek Zarychta" Cc: freebsd-pf@freebsd.org Subject: Re: pfr_update_stats: assertion failed. Date: Sun, 24 Jun 2018 13:56:07 +0200 X-Mailer: MailMate (2.0BETAr6113) Message-ID: <322F58D6-B7CA-4F78-A860-D43E4F07E402@sigsegv.be> In-Reply-To: <20180623164616.GA82672@plan-b.pwste.edu.pl> References: <20161016181713.GA95110@plan-b.pwste.edu.pl> <20180623152729.GA81271@plan-b.pwste.edu.pl> <20180623164616.GA82672@plan-b.pwste.edu.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 11:56:11 -0000 On 23 Jun 2018, at 18:46, Marek Zarychta wrote: > On Sat, Jun 23, 2018 at 05:27:29PM +0200, Marek Zarychta wrote: >> On Sun, Oct 16, 2016 at 08:17:13PM +0200, Marek Zarychta wrote: >>> The issue occurred first two years ago, after upgrade from 8 to 9 >>> branch. Now this i386 machine is running 11.0-STABLE and despite it >>> was >>> compiled with "WITHOUT_ASSERT_DEBUG=yes", still from time to time >>> message buffer is fed with: >>> pfr_update_stats: assertion failed. >>> pfr_update_stats: assertion failed. >>> pfr_update_stats: assertion failed. >>> pfr_update_stats: assertion failed. >>> pfr_update_stats: assertion failed. >>> pfr_update_stats: assertion failed. >>> pfr_update_stats: assertion failed. >> >> These messages are still filling system message buffer. According to >> pfctl (8) there is nothing wrong with incrementing "XPass" counters >> instead of the "Pass" counters. The message "pfr_update_stats: >> assertion >> failed" is printed for debugging purposes only. One could also >> compare >> the counters with the command "pfctl -sT -vv". >> >> OpenBSD converted printf()'s to DPFDEBUG() macro in their sources >> almost >> 8 years ago. Only this printf() in pf_table.c has been converted to >> the >> level of LOG_DEBUG [1]. >> >> Perhaps this line of code could be removed from FreeBSD PF sources? >> > > The previous patch was hastily prepared. It should rather look like > this: > > --- sys/netpfil/pf/pf_table.orig.c 2018-06-23 16:40:14.876882000 +0200 > +++ sys/netpfil/pf/pf_table.c 2018-06-23 18:17:49.353490000 +0200 > @@ -1984,9 +1984,7 @@ > panic("%s: unknown address family %u", __func__, af); > } > - if ((ke == NULL || ke->pfrke_not) != notrule) { > - if (op_pass != PFR_OP_PASS) > - printf("pfr_update_stats: assertion failed.\n"); > + if ((ke == NULL || ke->pfrke_not) != notrule) > op_pass = PFR_OP_XPASS; > - } > kt->pfrkt_packets[dir_out][op_pass]++; > kt->pfrkt_bytes[dir_out][op_pass] += len; > We could delete those lines and that’d get rid of the dmesg noise, but I’m a bit worried that this demonstrates an actual problem. It’s not at all clear to me what’s going on in this bit of the code, and the OpenBSD repo doesn’t have any information about it either. Regards, Kristof From owner-freebsd-pf@freebsd.org Sun Jun 24 19:07:31 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6EBE71009E17 for ; Sun, 24 Jun 2018 19:07:31 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E378D732A6 for ; Sun, 24 Jun 2018 19:07:30 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (zarychtam@localhost [127.0.0.1]) by plan-b.pwste.edu.pl (8.15.2/8.15.2) with ESMTPS id w5OJ7Q57006875 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 24 Jun 2018 21:07:26 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1529867247; bh=p7sDBBUDJY/Hw7vIoSOmRwvkilO7JveNAYUKabSvJEs=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=AOTc87pfCtdc0f57SFxJ+VgUYIUB+TYHy/943GRo9UYgVuWb9Ksy0L9/brbLbTer2 T9kyDSx9+ivau+wbdg0JJj6FtvRvCbw8NiuILysaliGU9is8IGvk/Kujb0d9eT4MWG EmJ6q0pwzzyKybkSIn/JNlvrzoslRE4Di63PoXT8Di8/Esq+QAZKHXSfhDD8badtg5 zJ0AZV98JhKlAt7QkIeA1uQDMegZ+fqMfihwebf3RWFKk1vNalewBn5NRVSYtf3NPQ nAjr++jPkMjCwcgwUaWP4eo9GXwwT2jJ+Ocp4gpLizlJJLPKSobpn9GrmvDdgdjGzB 0lN1+77NE3M2A== Received: (from zarychtam@localhost) by plan-b.pwste.edu.pl (8.15.2/8.15.2/Submit) id w5OJ7Q7O006874; Sun, 24 Jun 2018 21:07:26 +0200 (CEST) (envelope-from zarychtam) Date: Sun, 24 Jun 2018 21:07:26 +0200 From: Marek Zarychta To: Kristof Provost Cc: freebsd-pf@freebsd.org Subject: Re: pfr_update_stats: assertion failed. Message-ID: <20180624190726.GA6807@plan-b.pwste.edu.pl> References: <20161016181713.GA95110@plan-b.pwste.edu.pl> <20180623152729.GA81271@plan-b.pwste.edu.pl> <20180623164616.GA82672@plan-b.pwste.edu.pl> <322F58D6-B7CA-4F78-A860-D43E4F07E402@sigsegv.be> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7AUc2qLy4jB3hD7Z" Content-Disposition: inline In-Reply-To: <322F58D6-B7CA-4F78-A860-D43E4F07E402@sigsegv.be> User-Agent: Mutt/1.10.0 (2018-05-17) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 19:07:31 -0000 --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 24, 2018 at 01:56:07PM +0200, Kristof Provost wrote: > On 23 Jun 2018, at 18:46, Marek Zarychta wrote: > > On Sat, Jun 23, 2018 at 05:27:29PM +0200, Marek Zarychta wrote: > >> On Sun, Oct 16, 2016 at 08:17:13PM +0200, Marek Zarychta wrote: > >>> The issue occurred first two years ago, after upgrade from 8 to 9 > >>> branch. Now this i386 machine is running 11.0-STABLE and despite it= =20 > >>> was > >>> compiled with "WITHOUT_ASSERT_DEBUG=3Dyes", still from time to time > >>> message buffer is fed with: > >>> pfr_update_stats: assertion failed. > >>> pfr_update_stats: assertion failed. > >>> pfr_update_stats: assertion failed. > >>> pfr_update_stats: assertion failed. > >>> pfr_update_stats: assertion failed. > >>> pfr_update_stats: assertion failed. > >>> pfr_update_stats: assertion failed. > >> > >> These messages are still filling system message buffer. According to > >> pfctl (8) there is nothing wrong with incrementing "XPass" counters > >> instead of the "Pass" counters. The message "pfr_update_stats:=20 > >> assertion > >> failed" is printed for debugging purposes only. One could also=20 > >> compare > >> the counters with the command "pfctl -sT -vv". > >> > >> OpenBSD converted printf()'s to DPFDEBUG() macro in their sources=20 > >> almost > >> 8 years ago. Only this printf() in pf_table.c has been converted to=20 > >> the > >> level of LOG_DEBUG [1]. > >> > >> Perhaps this line of code could be removed from FreeBSD PF sources? > >> > > > > The previous patch was hastily prepared. It should rather look like=20 > > this: > > > > --- sys/netpfil/pf/pf_table.orig.c 2018-06-23 16:40:14.876882000 +0200 > > +++ sys/netpfil/pf/pf_table.c 2018-06-23 18:17:49.353490000 +0200 > > @@ -1984,9 +1984,7 @@ > > panic("%s: unknown address family %u", __func__, af); > > } > > - if ((ke =3D=3D NULL || ke->pfrke_not) !=3D notrule) { > > - if (op_pass !=3D PFR_OP_PASS) > > - printf("pfr_update_stats: assertion failed.\n"); > > + if ((ke =3D=3D NULL || ke->pfrke_not) !=3D notrule) > > op_pass =3D PFR_OP_XPASS; > > - } > > kt->pfrkt_packets[dir_out][op_pass]++; > > kt->pfrkt_bytes[dir_out][op_pass] +=3D len; > > > We could delete those lines and that=E2=80=99d get rid of the dmesg noise= , but=20 > I=E2=80=99m a bit worried that this demonstrates an actual problem. > It=E2=80=99s not at all clear to me what=E2=80=99s going on in this bit o= f the code,=20 > and the OpenBSD repo doesn=E2=80=99t have any information about it either. >=20 This machine acts as a NAT/firewall gateway for about a hundred users. A few hundred of PF rules + 20 tables are used. The error appeared suddenly after upgrade from 8-STABLE to 10-STABLE 3 years ago. It never occurred when the firewall run PF on 8-STABLE. I don't remember whether firewall rules were changed at that time. If it is true then changes concerned only the compatibility with the newer version of PF. If it demonstrates an actual problem, then, please give me a clue how to debug it. On the other hand, ~6 years ago PF was significantly reworked. Is this piece of code still relevant there? --=20 Marek Zarychta --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAlsv6+sACgkQdZ/s//1S jSxYcAf7BKSdrEyjJKZqwlBbF/8oGclpxkocwmkOI4pl68fRvn7fSa5+vYn2V8cL e6Wuxq7OBroQAnxaP90WM/cJFrWvcHttnrMBVtbn3nIECht95qvC4WQeJd4oevyY 4CMMIdXqNTk/y6WZRvV0TQhvOw7iAQuc34Um6FvTgGlbYsDmhwAWBwL3p/oveHFS PGYfBImBhLo8rmoo3C3ppZUP7WgVVv+yUc7EByK60ID/IeAxh8MQ8AAgcGC9mNyz yt/K4g4ICd0pkx5bo3SX1yxigBUT3x1FbrHkNzxCAfyNFG8biDjB5xHkAUaMc8dF 6qLt9dZsXxoRniCBeNaWb9vZ0UjkvQ== =9HXl -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z-- From owner-freebsd-pf@freebsd.org Sun Jun 24 19:28:25 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 749B5100A545 for ; Sun, 24 Jun 2018 19:28:25 +0000 (UTC) (envelope-from srs0=3krg=jk=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9724E73C79 for ; Sun, 24 Jun 2018 19:28:24 +0000 (UTC) (envelope-from srs0=3krg=jk=sigsegv.be=kristof@codepro.be) Received: from [172.28.128.1] (ptr-8rgnodtexwcxco6sd6i.18120a2.ip6.access.telenet.be [IPv6:2a02:1811:240b:b802:12f:460a:85e4:57ba]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 0AFC0421F5; Sun, 24 Jun 2018 21:28:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1529868502; bh=ANekh/ijx5V7zSrdQ6MbAuviclIi4a9qcBZqHrW2Reg=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=eIx96kGjBovvjA/5l47Zwdfuta/dQ7tgIuDMr2+N+TF5m+FPX0C6B5MYuPksnYH5B ols5bdAXvgu5Md0I1XFJScVwIQAU8n3Q26MN28+4IZdUP81O+VKmYVEKWMKhz9i7uE 5uoyL7/dY/pun81Oa6CFzso2J65/kVySmfBEy/FQ= From: "Kristof Provost" To: "Marek Zarychta" Cc: freebsd-pf@freebsd.org Subject: Re: pfr_update_stats: assertion failed. Date: Sun, 24 Jun 2018 21:28:19 +0200 X-Mailer: MailMate (2.0BETAr6113) Message-ID: <5D8E4DA7-3984-47DE-89E7-2B731525573C@sigsegv.be> In-Reply-To: <20180624190726.GA6807@plan-b.pwste.edu.pl> References: <20161016181713.GA95110@plan-b.pwste.edu.pl> <20180623152729.GA81271@plan-b.pwste.edu.pl> <20180623164616.GA82672@plan-b.pwste.edu.pl> <322F58D6-B7CA-4F78-A860-D43E4F07E402@sigsegv.be> <20180624190726.GA6807@plan-b.pwste.edu.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 19:28:25 -0000 On 24 Jun 2018, at 21:07, Marek Zarychta wrote: > On Sun, Jun 24, 2018 at 01:56:07PM +0200, Kristof Provost wrote: >> On 23 Jun 2018, at 18:46, Marek Zarychta wrote: >>> On Sat, Jun 23, 2018 at 05:27:29PM +0200, Marek Zarychta wrote: >>>> On Sun, Oct 16, 2016 at 08:17:13PM +0200, Marek Zarychta wrote: >>>>> The issue occurred first two years ago, after upgrade from 8 to 9 >>>>> branch. Now this i386 machine is running 11.0-STABLE and despite >>>>> it >>>>> was >>>>> compiled with "WITHOUT_ASSERT_DEBUG=yes", still from time to time >>>>> message buffer is fed with: >>>>> pfr_update_stats: assertion failed. >>>>> pfr_update_stats: assertion failed. >>>>> pfr_update_stats: assertion failed. >>>>> pfr_update_stats: assertion failed. >>>>> pfr_update_stats: assertion failed. >>>>> pfr_update_stats: assertion failed. >>>>> pfr_update_stats: assertion failed. >>>> >>>> These messages are still filling system message buffer. According >>>> to >>>> pfctl (8) there is nothing wrong with incrementing "XPass" counters >>>> instead of the "Pass" counters. The message "pfr_update_stats: >>>> assertion >>>> failed" is printed for debugging purposes only. One could also >>>> compare >>>> the counters with the command "pfctl -sT -vv". >>>> >>>> OpenBSD converted printf()'s to DPFDEBUG() macro in their sources >>>> almost >>>> 8 years ago. Only this printf() in pf_table.c has been converted to >>>> the >>>> level of LOG_DEBUG [1]. >>>> >>>> Perhaps this line of code could be removed from FreeBSD PF sources? >>>> >>> >>> The previous patch was hastily prepared. It should rather look like >>> this: >>> >>> --- sys/netpfil/pf/pf_table.orig.c 2018-06-23 16:40:14.876882000 >>> +0200 >>> +++ sys/netpfil/pf/pf_table.c 2018-06-23 18:17:49.353490000 +0200 >>> @@ -1984,9 +1984,7 @@ >>> panic("%s: unknown address family %u", __func__, af); >>> } >>> - if ((ke == NULL || ke->pfrke_not) != notrule) { >>> - if (op_pass != PFR_OP_PASS) >>> - printf("pfr_update_stats: assertion failed.\n"); >>> + if ((ke == NULL || ke->pfrke_not) != notrule) >>> op_pass = PFR_OP_XPASS; >>> - } >>> kt->pfrkt_packets[dir_out][op_pass]++; >>> kt->pfrkt_bytes[dir_out][op_pass] += len; >>> >> We could delete those lines and that’d get rid of the dmesg noise, >> but >> I’m a bit worried that this demonstrates an actual problem. >> It’s not at all clear to me what’s going on in this bit of the >> code, >> and the OpenBSD repo doesn’t have any information about it either. >> > > This machine acts as a NAT/firewall gateway for about a hundred users. > A few hundred of PF rules + 20 tables are used. The error appeared > suddenly after upgrade from 8-STABLE to 10-STABLE 3 years ago. It > never > occurred when the firewall run PF on 8-STABLE. I don't remember > whether > firewall rules were changed at that time. If it is true then changes > concerned only the compatibility with the newer version of PF. > > If it demonstrates an actual problem, then, please give me a clue how > to > debug it. On the other hand, ~6 years ago PF was significantly > reworked. > Is this piece of code still relevant there? > I honestly don’t know. I’d be good to actually investigate this before simply removing the warning. Unfortunately I just don’t have the time to dig into this right now. The only thing I can suggest is to look at the code and work out where the op_pass value comes from (and perhaps also what it’s used for. Why is PRF_OP_XPASS better than !PFR_OP_PASS? It’s still present (though perhaps not logged) in OpenBSD too. Regards, Kristof From owner-freebsd-pf@freebsd.org Sun Jun 24 21:00:27 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1985B100FA76 for ; Sun, 24 Jun 2018 21:00:27 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id CE81F7A783 for ; Sun, 24 Jun 2018 21:00:26 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 91F96100FA6E; Sun, 24 Jun 2018 21:00:26 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 808FC100FA6C for ; Sun, 24 Jun 2018 21:00:26 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 23E377A77A for ; Sun, 24 Jun 2018 21:00:26 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 62FAE97D0 for ; Sun, 24 Jun 2018 21:00:25 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5OL0PUK040942 for ; Sun, 24 Jun 2018 21:00:25 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5OL0P1H040939 for pf@FreeBSD.org; Sun, 24 Jun 2018 21:00:25 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201806242100.w5OL0P1H040939@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: pf@FreeBSD.org Subject: Problem reports for pf@FreeBSD.org that need special attention Date: Sun, 24 Jun 2018 21:00:25 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Jun 2018 21:00:27 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Mon Jun 25 20:14:58 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1433101D80D for ; Mon, 25 Jun 2018 20:14:57 +0000 (UTC) (envelope-from jbwlists@hilltopgroup.com) Received: from equinox.hilltopgroup.com (equinox.hilltopgroup.com [204.109.63.175]) by mx1.freebsd.org (Postfix) with ESMTP id 845578BD1F for ; Mon, 25 Jun 2018 20:14:57 +0000 (UTC) (envelope-from jbwlists@hilltopgroup.com) Received: from mail.relativity.hilltop.int (unknown [104.185.205.155]) by equinox.hilltopgroup.com (Postfix) with ESMTP id EA70B37BDEE for ; Mon, 25 Jun 2018 16:14:50 -0400 (EDT) Received: from sovereign.sector005 (equinox.hilltopgroup.com [204.109.63.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jbwlists@hilltopgroup.com) by mail.relativity.hilltop.int (Postfix) with ESMTPSA id 8CCF81668D for ; Mon, 25 Jun 2018 16:14:50 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hilltopgroup.com; s=mail; t=1529957690; bh=FUS91AmbkyFQlEZGBwpkmBCtLSeuIwJ6/5ijxg35YQs=; h=To:From:Subject:Date; b=Sf7i52Bx8O4LEXzkWtb+xhJBVavKRDxockzeTg4UQQRZXT7m/O5Qfffumy9LnMLBQ WMtNM22ub91jvI3tOCXDGQvwsBJKKNEQ0/jVI35emMa987mZDbv8k0RFrjcSdol7lA Rh//M6e6JPlJUgvYM5L6xYSpxZT9Gf3nFZs610Gs= To: freebsd-pf@freebsd.org From: Joseph Ward Subject: "egress" group Message-ID: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com> Date: Mon, 25 Jun 2018 16:12:49 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jun 2018 20:14:58 -0000 My current pf.conf contains the following lines (with a lot of other stuff redacted for irrelevance): ext_if="em0" ... block log all pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state and it works great; ssh is able to get in.  However, when I change "$ext_if" to "egress", it no longer works.  From the various documentation I've found online, egress should automatically be the interface which has the default route, and netstat -rn gives me: Routing tables Internet: Destination        Gateway            Flags     Netif Expire default            192.168.6.1        UGS         em0 Am I missing something?  My goal is for this pf.conf to be able to be used on multiple systems which unfortunately have different network cards, so the interface names are different.  If "egress" isn't going to work, is there another way to accomplish that goal? Thanks, Joseph Ward From owner-freebsd-pf@freebsd.org Tue Jun 26 06:32:14 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2EDEE10139B7 for ; Tue, 26 Jun 2018 06:32:14 +0000 (UTC) (envelope-from srs0=9bd2=jm=sigsegv.be=kristof@codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B582582202 for ; Tue, 26 Jun 2018 06:32:13 +0000 (UTC) (envelope-from srs0=9bd2=jm=sigsegv.be=kristof@codepro.be) Received: from [172.28.128.1] (ptr-8rgnodx8wv4znqkk2bx.18120a2.ip6.access.telenet.be [IPv6:2a02:1811:240b:b802:fd34:9b7d:45b0:b4cd]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id CC7E84491C; Tue, 26 Jun 2018 08:32:11 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sigsegv.be; s=mail; t=1529994731; bh=mIduzaGbXgMB6u/RnKoUld5rt68losW+ENjyGpX+Gtg=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=XczO6zAVCwV2lMsaoxQui8479aDuaHJt3M1LFlSxZKh2mHJd1qU5rr63BksM7ZkpV SFcpzgES44unQ2UXl/pXBctwu3B751lzq6nAL71oiC/SwUgX9OrZdWTvucoRIz/sI+ TW5MQWm8nuLfomgN7AWxW68eJLBzEsW+4C8jc73U= From: "Kristof Provost" To: "Joseph Ward" Cc: freebsd-pf@freebsd.org Subject: Re: "egress" group Date: Tue, 26 Jun 2018 08:32:09 +0200 X-Mailer: MailMate (2.0BETAr6113) Message-ID: <19CD2668-9ADC-47A5-865F-7CA93732D11C@sigsegv.be> In-Reply-To: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com> References: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jun 2018 06:32:14 -0000 On 25 Jun 2018, at 22:12, Joseph Ward wrote: > My current pf.conf contains the following lines (with a lot of other > stuff redacted for irrelevance): > > ext_if="em0" > ... > block log all > pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep > state > > > and it works great; ssh is able to get in.  However, when I change > "$ext_if" to "egress", it no longer works.  From the various > documentation I've found online, egress should automatically be the > interface which has the default route, and netstat -rn gives me: > ‘egress’ exists in OpenBSD’s pf, but not in FreeBSD. > My goal is for this pf.conf to be able to be used on multiple systems > which unfortunately have different network cards, so the interface > names > are different.  If "egress" isn't going to work, is there another way > to > accomplish that goal? > You could rename your network card (ifconfig em0 name foo). That’d let you hide the difference from pf (but you’d have to cope with it in /etc/rc.conf) Regards, Kristof From owner-freebsd-pf@freebsd.org Tue Jun 26 08:07:21 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78F10101897E for ; Tue, 26 Jun 2018 08:07:21 +0000 (UTC) (envelope-from patrick@davenulle.org) Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 093AD856BC for ; Tue, 26 Jun 2018 08:07:20 +0000 (UTC) (envelope-from patrick@davenulle.org) Received: from mr185083 (mr185083.univ-rennes1.fr [129.20.185.83]) by mx.zohomail.com with SMTPS id 1530000422651887.3266947071393; Tue, 26 Jun 2018 01:07:02 -0700 (PDT) Date: Tue, 26 Jun 2018 10:06:58 +0200 From: Patrick Lamaiziere To: Joseph Ward Cc: freebsd-pf@freebsd.org Subject: Re: "egress" group Message-ID: <20180626100658.2f758bdc@mr185083> In-Reply-To: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com> References: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com> X-Mailer: Claws Mail 3.15.1 (GTK+ 2.24.31; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jun 2018 08:07:21 -0000 Le Mon, 25 Jun 2018 16:12:49 -0400, Joseph Ward a =C3=A9crit : Hello, > My goal is for this pf.conf to be able to be used on multiple systems > which unfortunately have different network cards, so the interface > names are different.=C2=A0 If "egress" isn't going to work, is there > another way to accomplish that goal? You can use some interface groups. ifconfig_ix0=3D"inet 192.168.20.251/24 group CARPDEV group IFFOO" then in pf.conf use the groups pass in on IFFOO ... or pass quick on CARPDEV proto carp keep state (no-sync) There are several restrictions, you can't use group interface in pf rules "set skip" and on nat/route-to rules. And the name of a group cannot end by a number (IFFOO1 -> invalid) But that's work fine, we use groups a lot here. Regards From owner-freebsd-pf@freebsd.org Tue Jun 26 14:10:36 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 45A5610285B9 for ; Tue, 26 Jun 2018 14:10:36 +0000 (UTC) (envelope-from jbwlists@hilltopgroup.com) Received: from equinox.hilltopgroup.com (equinox.hilltopgroup.com [204.109.63.175]) by mx1.freebsd.org (Postfix) with ESMTP id D017472012 for ; Tue, 26 Jun 2018 14:10:35 +0000 (UTC) (envelope-from jbwlists@hilltopgroup.com) Received: from mail.relativity.hilltop.int (unknown [104.185.205.155]) by equinox.hilltopgroup.com (Postfix) with ESMTP id 3AA4D37BDCC; Tue, 26 Jun 2018 10:10:35 -0400 (EDT) Received: from sovereign.sector005 (equinox.hilltopgroup.com [204.109.63.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jbwlists@hilltopgroup.com) by mail.relativity.hilltop.int (Postfix) with ESMTPSA id C187917791; Tue, 26 Jun 2018 10:10:34 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hilltopgroup.com; s=mail; t=1530022234; bh=32UB84satfbUdy783VbAUxgxwJ1IeLwdVvYwDjf0jdU=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=fUlJErQZjidATjlWKIpfIDqgRkZDUOKGUhYb9yv0ob36Y7J/iZU5ASqS5vnmWwUp+ aCCi/DKdSHnSuR2NTmSmoVWcEqc5haLkpfgNJyJCewqQESe9Moxt5CwgaU3UUsc+sJ QG4+wXtu8n1hGKiH3vfjmuNomTnloqhIY2oa/1VA= Subject: Re: "egress" group To: Kristof Provost Cc: freebsd-pf@freebsd.org References: <1822764a-e237-ddd3-639d-62fd01b2bbdc@hilltopgroup.com> <19CD2668-9ADC-47A5-865F-7CA93732D11C@sigsegv.be> From: Joseph Ward Message-ID: <849b5bce-40c4-3a44-8682-b59cfe331abe@hilltopgroup.com> Date: Tue, 26 Jun 2018 10:08:32 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <19CD2668-9ADC-47A5-865F-7CA93732D11C@sigsegv.be> Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jun 2018 14:10:36 -0000 Thank you; I didn't even realize I could rename the interface.  Part of the install script already has to deal with the varying interface names for rc.conf, so I'll just change the name there. The other suggestion, about adding the cards to a group would be about the same effort, but since I do have nat/rdr rules which are referencing the external interface it seems the groups wouldn't work, so renaming it is. Thanks again! -Joseph On 06/26/2018 02:32, Kristof Provost wrote: > > On 25 Jun 2018, at 22:12, Joseph Ward wrote: > > My current pf.conf contains the following lines (with a lot of other > stuff redacted for irrelevance): > > ext_if="em0" > ... > block log all > pass in on $ext_if proto tcp from any to any port 22 flags S/SA > keep state > > > and it works great; ssh is able to get in.  However, when I change > "$ext_if" to "egress", it no longer works.  From the various > documentation I've found online, egress should automatically be the > interface which has the default route, and netstat -rn gives me: > > ‘egress’ exists in OpenBSD’s pf, but not in FreeBSD. > > My goal is for this pf.conf to be able to be used on multiple systems > which unfortunately have different network cards, so the interface > names > are different.  If "egress" isn't going to work, is there another > way to > accomplish that goal? > > You could rename your network card (ifconfig em0 name foo). That’d let > you hide the difference from pf (but you’d have to cope with it in > /etc/rc.conf) > > Regards, > Kristof > From owner-freebsd-pf@freebsd.org Fri Jun 29 08:58:02 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3240310351E6 for ; Fri, 29 Jun 2018 08:58:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B058A82B72 for ; Fri, 29 Jun 2018 08:58:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 6660410351E5; Fri, 29 Jun 2018 08:58:01 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 418CA10351E4 for ; Fri, 29 Jun 2018 08:58:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CAE8D82B71 for ; Fri, 29 Jun 2018 08:58:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 1AA45221E6 for ; Fri, 29 Jun 2018 08:58:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5T8vxsE001509 for ; Fri, 29 Jun 2018 08:57:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5T8vx6Y001508 for pf@FreeBSD.org; Fri, 29 Jun 2018 08:57:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [patch] pflogs kernel modules build fails with VIMAGE Date: Fri, 29 Jun 2018 08:57:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status keywords bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 08:58:02 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 Bug ID: 229404 Summary: [pflog] [patch] pflogs kernel modules build fails with VIMAGE Product: Base System Version: 11.2-STABLE Hardware: Any OS: Any Status: New Keywords: easy, patch-ready Severity: Affects Some People Priority: --- Component: kern Assignee: pf@FreeBSD.org Reporter: eugen@freebsd.org Created attachment 194720 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D194720&action= =3Dedit add opt_global.h pflog's module Makefile fails to include opt_global.h to SRCS leading to bu= ild error for VIMAGE case. Trivial patch fixing this is attached. cc -O2 -pipe -include opt_global.h -march=3Dcore2 -fno-strict-aliasing -We= rror -D_KERNEL -DKLD_MODULE -nostdinc -I. -I/data2/src/sys -fno-common=20 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -MD=20 -MF.depend.if_pflog.o -MTif_pflog.o -mcmodel=3Dkernel -mno-red-zone -mno-mmx -mno-sse -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fwra= pv -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototy= pes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -D__printf__=3D__freebsd_kprintf__ -Wmissing-include-dirs -fdiagnostics-show-option -Wno-unknown-pragmas -Wno-error-tautological-comp= are -Wno-error-empty-body -Wno-error-parentheses-equality -Wno-error-unused-function -Wno-error-pointer-sign -Wno-error-shift-negative-value -Wno-error-address-of-packed-member -mno-a= es -mno-avx -std=3Diso9899:1999 -c /data2/src/sys/netpfil/pf/if_pflog.c -o if_pflog.o :1:10: fatal error: 'opt_global.h' file not found #include "opt_global.h" ^~~~~~~~~~~~~~ 1 error generated. *** Error code 1 --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 09:13:18 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA87B103589E for ; Fri, 29 Jun 2018 09:13:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4014C8346D for ; Fri, 29 Jun 2018 09:13:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 02EB1103589D; Fri, 29 Jun 2018 09:13:18 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E132C103589C for ; Fri, 29 Jun 2018 09:13:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 62D128346C for ; Fri, 29 Jun 2018 09:13:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 90EDD22496 for ; Fri, 29 Jun 2018 09:13:16 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5T9DG08056236 for ; Fri, 29 Jun 2018 09:13:16 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5T9DGZ6056225 for pf@FreeBSD.org; Fri, 29 Jun 2018 09:13:16 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [patch] pflogs kernel modules build fails with VIMAGE Date: Fri, 29 Jun 2018 09:13:16 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.isobsolete attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 09:13:18 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 Eugene Grosbein changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #194720|0 |1 is obsolete| | --- Comment #1 from Eugene Grosbein --- Created attachment 194721 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D194721&action= =3Dedit add opt_global.h --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 09:14:12 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C88DE10358D6 for ; Fri, 29 Jun 2018 09:14:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6440C834AC for ; Fri, 29 Jun 2018 09:14:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 23D6F10358D1; Fri, 29 Jun 2018 09:14:12 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1237F10358CF for ; Fri, 29 Jun 2018 09:14:12 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A5058834A9 for ; Fri, 29 Jun 2018 09:14:11 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id E1D0622497 for ; Fri, 29 Jun 2018 09:14:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5T9EAHq075572 for ; Fri, 29 Jun 2018 09:14:10 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5T9EAZo075564 for pf@FreeBSD.org; Fri, 29 Jun 2018 09:14:10 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE Date: Fri, 29 Jun 2018 09:14:11 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc short_desc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 09:14:13 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 Eugene Grosbein changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |net@FreeBSD.org Summary|[pflog] [patch] pflogs |[pflog] [pfsync] [patch] |kernel modules build fails |pflogs/pfsync kernel |with VIMAGE |modules build fails with | |VIMAGE --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 09:24:52 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 434D21035B9D for ; Fri, 29 Jun 2018 09:24:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D1EF883913 for ; Fri, 29 Jun 2018 09:24:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 9251C1035B9B; Fri, 29 Jun 2018 09:24:51 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E3611035B99 for ; Fri, 29 Jun 2018 09:24:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1171A8390F for ; Fri, 29 Jun 2018 09:24:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 53D6622627 for ; Fri, 29 Jun 2018 09:24:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5T9Ooq0018438 for ; Fri, 29 Jun 2018 09:24:50 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5T9OoVt018437 for pf@FreeBSD.org; Fri, 29 Jun 2018 09:24:50 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE Date: Fri, 29 Jun 2018 09:24:50 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 09:24:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org --- Comment #2 from Kristof Provost --- How are you building? For what platform? VIMAGE is enabled in GENERIC (at least for some platforms), so I'm not sure= why you're seeing this and I'm not. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 09:50:56 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 03C9710360C2 for ; Fri, 29 Jun 2018 09:50:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 94407842CD for ; Fri, 29 Jun 2018 09:50:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 514F310360C0; Fri, 29 Jun 2018 09:50:55 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3F98D10360BF for ; Fri, 29 Jun 2018 09:50:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D3601842CA for ; Fri, 29 Jun 2018 09:50:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 17CD6228F6 for ; Fri, 29 Jun 2018 09:50:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5T9or7O065080 for ; Fri, 29 Jun 2018 09:50:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5T9orme065079 for pf@FreeBSD.org; Fri, 29 Jun 2018 09:50:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE Date: Fri, 29 Jun 2018 09:50:54 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: eugen@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 09:50:56 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 --- Comment #3 from Eugene Grosbein --- (In reply to Kristof Provost from comment #2) I build kernel module outside of kernel build environment while having enab= led VIMAGE=3D in /etc/src.conf, FreeBSD 11.2-STABLE/amd64, or this way: cd /usr/src/sys/modules/pflog && make VIMAGE=3Dyes --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 11:09:54 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 64E741037677 for ; Fri, 29 Jun 2018 11:09:54 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "plan-b.pwste.edu.pl", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D43A8865B9 for ; Fri, 29 Jun 2018 11:09:53 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (zarychtam@localhost [127.0.0.1]) by plan-b.pwste.edu.pl (8.15.2/8.15.2) with ESMTPS id w5TB9oRd007940 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 29 Jun 2018 13:09:50 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1530270590; bh=uqYpcPdEhjAIEsbdQdB2J5EVHz8/blRe4OmZs1Jy9eY=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=PZk6/YWJovJ7p2nbqnSrzLp1N6qYHbitodEL3avyXSGhxrzsp4D4Uc+rFL2k7t7ef fXblIAyXf49R0DmMSlrV7nFWiMOSl7O0QQbmJKi2UVNsFFQ/itE5lmgG1bMBDlJLKI s7/wXoOrk2VmwVh/E2oW6yb4EwUzdlNMGi6ameSfUF2D/6YaqOf9opqsZTmkao520D QorEk5P5H453l0GNH7Nm3mhRxL7MkM1Kw03vSQoQib568wqoNCMGUSZPgQDxrq1WvS QbxZE6K4jIh+cYBxZyoKSu1h7Y1DYiZ1Lsrtq4xnvOkkV+CpIfGwCP4w/AQfid8cno o2vOEpi3KuFBw== Received: (from zarychtam@localhost) by plan-b.pwste.edu.pl (8.15.2/8.15.2/Submit) id w5TB9ncF007939; Fri, 29 Jun 2018 13:09:49 +0200 (CEST) (envelope-from zarychtam) Date: Fri, 29 Jun 2018 13:09:49 +0200 From: Marek Zarychta To: Kristof Provost Cc: freebsd-pf@freebsd.org Subject: Re: pfr_update_stats: assertion failed. Message-ID: <20180629110949.GA7595@plan-b.pwste.edu.pl> References: <20161016181713.GA95110@plan-b.pwste.edu.pl> <20180623152729.GA81271@plan-b.pwste.edu.pl> <20180623164616.GA82672@plan-b.pwste.edu.pl> <322F58D6-B7CA-4F78-A860-D43E4F07E402@sigsegv.be> <20180624190726.GA6807@plan-b.pwste.edu.pl> <5D8E4DA7-3984-47DE-89E7-2B731525573C@sigsegv.be> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XsQoSWH+UP9D9v3l" Content-Disposition: inline In-Reply-To: <5D8E4DA7-3984-47DE-89E7-2B731525573C@sigsegv.be> User-Agent: Mutt/1.10.0 (2018-05-17) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 11:09:54 -0000 --XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 24, 2018 at 09:28:19PM +0200, Kristof Provost wrote: > The only thing I can suggest is to look at the code and work out where=20 > the op_pass value comes from (and perhaps also what it=E2=80=99s used for= =2E Why=20 > is PRF_OP_XPASS better than !PFR_OP_PASS? >=20 > It=E2=80=99s still present (though perhaps not logged) in OpenBSD too. I have made some changes to PF code to be even more verbose here and finally realized where the problem was. There were three internal interfaces on the host: int_if1, int_if2 and if_if3 - interfaces addressed in different subnets of RFC1918 space, a table: table (corvering the whole RFC1918 adress space) and a set of rules including:=20 (...) rule A:=20 rdr pass on {$int_if1, $int_if2, $int_if3} inet proto tcp to self port 80 -= > 127.0.0.1 port 58080 (...)=20 rule B: block in quick on {$int_if1, $int_if2, $int_if3} to (...) The rules are seemingly contrary to each other in case the table contains addresses of all internal interfaces. The rule A was usually covered when the packet designed for int_if1 was received on int_if1 and there were some rules, not shown here, which allowed to pass in such a traffic. But sometimes it was also triggered when the packet designed for int_if1 was received on int_if2 or int_if3 and only, in this case, (op_pass !=3D PFR_OP_PASS) was fulfilled. I wonder why this has never happened for PF used in FreeBSD 8 branch? Maybe the change in pf.conf which has been made after upgrade altered the syntax of pf.conf in a significant way, far more than I expected. So let me apologise for the noise here. Please keep the code unchanged and thank you for the help. Best regards, --=20 Marek Zarychta --XsQoSWH+UP9D9v3l Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEMOqvKm6wKvS1/ZeCdZ/s//1SjSwFAls2E3oACgkQdZ/s//1S jSwmXgf/RW7kM99fQlE3eB6PmTz9vb80G9choRSh8H2yAMFzmHl0PEGbDSNptaGV 8u0+Dxtz6qDXft6B6qHvtt8s0CaoJbySQZKb8KITB1qnMJnBUftvLfW6A92Ej0IE xbeckq22Zxrtks5JgaL05qLmXEZXjW5wiFSS5ZCRZfc5l5Nj+u7p2Wc60No1n2Ti xoSkeIgzBzRm6HcIQBU7+tRfXv+89h54n7f37jSiE4mBQzuQxrIMbLKmaaFRDltC rNuOnGzQcceyMvIu/xOqe3OWU2NmjUfsXXCrcK/Uqu4cE5Yx47FcA8bQ8D2zn2ry S1eqy934cTNyJzx1N08kzYNlomQRxQ== =4Ih1 -----END PGP SIGNATURE----- --XsQoSWH+UP9D9v3l-- From owner-freebsd-pf@freebsd.org Fri Jun 29 12:37:39 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3EBB71039F99 for ; Fri, 29 Jun 2018 12:37:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id CBA3589C50 for ; Fri, 29 Jun 2018 12:37:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 8C2D01039F98; Fri, 29 Jun 2018 12:37:38 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A0A21039F97 for ; Fri, 29 Jun 2018 12:37:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 18A7989C4D for ; Fri, 29 Jun 2018 12:37:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 450B824083 for ; Fri, 29 Jun 2018 12:37:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5TCbbCe031759 for ; Fri, 29 Jun 2018 12:37:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5TCbbVc031757 for pf@FreeBSD.org; Fri, 29 Jun 2018 12:37:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface Date: Fri, 29 Jun 2018 12:37:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vegeta@tuxpowered.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 12:37:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229092 --- Comment #3 from Kajetan Staszkiewicz --- I found another bug: states synced during initial bulk update are considere= d to come from incompatible ruleset, even if ruleset *is* compatible. I also must raise a question why the initial sync is "update" and not "insert". --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -874,21 +874,21 @@ pfsync_in_upd(struct pfsync_pkt *pkt, struct mbuf *m,= int offset, int count) printf("pfsync_input: PFSYNC_ACT_UPD: " "invalid value\n"); } V_pfsyncstats.pfsyncs_badval++; continue; } st =3D pf_find_state_byid(sp->id, sp->creatorid); if (st =3D=3D NULL) { /* insert the update */ - if (pfsync_state_import(sp, 0)) + if (pfsync_state_import(sp, pkt->flags)) V_pfsyncstats.pfsyncs_badstate++; continue; } if (st->state_flags & PFSTATE_ACK) { PFSYNC_LOCK(sc); pfsync_undefer_state(st, 1); PFSYNC_UNLOCK(sc); } This bug is fixed in OpenBSD some time ago: https://github.com/openbsd/src/commit/ddb7828bc6708358e6c08caaf09e3524e8cab= 7b4 --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 16:47:20 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF977EFE2FF for ; Fri, 29 Jun 2018 16:47:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 63EB072163 for ; Fri, 29 Jun 2018 16:47:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 252B0EFE2FC; Fri, 29 Jun 2018 16:47:19 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 12743EFE2FB for ; Fri, 29 Jun 2018 16:47:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A1B6A7215E for ; Fri, 29 Jun 2018 16:47:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id CE4162635B for ; Fri, 29 Jun 2018 16:47:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5TGlHgP068816 for ; Fri, 29 Jun 2018 16:47:17 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5TGlHOc068813 for pf@FreeBSD.org; Fri, 29 Jun 2018 16:47:17 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 226850] [pf] Matching but failed rules block without return Date: Fri, 29 Jun 2018 16:47:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 16:47:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D226850 --- Comment #23 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Fri Jun 29 16:46:20 UTC 2018 New revision: 335798 URL: https://svnweb.freebsd.org/changeset/base/335798 Log: MFC r335569: pf: Support "return" statements in passing rules when they fail. Normally pf rules are expected to do one of two things: pass the traffic = or block it. Blocking can be silent - "drop", or loud - "return", "return-rs= t", "return-icmp". Yet there is a 3rd category of traffic passing through pf: Packets matching a "pass" rule but when applying the rule fails. This hap= pens when redirection table is empty or when src node or state creation fails. Such rules always fail silently without notifying the sender. Allow users to configure this behaviour too, so that pf returns an error packet in these cases. PR: 226850 Submitted by: Kajetan Staszkiewicz Sponsored by: InnoGames GmbH Changes: _U stable/11/ stable/11/sbin/pfctl/parse.y stable/11/share/man/man5/pf.conf.5 stable/11/sys/netpfil/pf/pf.c --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Fri Jun 29 16:51:41 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2497EFE6CD for ; Fri, 29 Jun 2018 16:51:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 5AD5672414 for ; Fri, 29 Jun 2018 16:51:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 1F087EFE6CC; Fri, 29 Jun 2018 16:51:41 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0ACCFEFE6CB for ; Fri, 29 Jun 2018 16:51:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 977947240C for ; Fri, 29 Jun 2018 16:51:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id DB00226395 for ; Fri, 29 Jun 2018 16:51:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5TGpdLM076979 for ; Fri, 29 Jun 2018 16:51:39 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5TGpdE3076978 for pf@FreeBSD.org; Fri, 29 Jun 2018 16:51:39 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 226850] [pf] Matching but failed rules block without return Date: Fri, 29 Jun 2018 16:51:39 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jun 2018 16:51:41 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D226850 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed Resolution|--- |FIXED --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sat Jun 30 12:51:38 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 769F8102EC51 for ; Sat, 30 Jun 2018 12:51:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 0FCF87C9AB for ; Sat, 30 Jun 2018 12:51:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id C1B5E102EC4E; Sat, 30 Jun 2018 12:51:37 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AEE78102EC4C for ; Sat, 30 Jun 2018 12:51:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4A6757C9A6 for ; Sat, 30 Jun 2018 12:51:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 90A3A10EB5 for ; Sat, 30 Jun 2018 12:51:36 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5UCpaJl061311 for ; Sat, 30 Jun 2018 12:51:36 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5UCpa3V061310 for pf@FreeBSD.org; Sat, 30 Jun 2018 12:51:36 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface Date: Sat, 30 Jun 2018 12:51:36 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jun 2018 12:51:38 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229092 --- Comment #4 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Sat Jun 30 12:51:08 UTC 2018 New revision: 335816 URL: https://svnweb.freebsd.org/changeset/base/335816 Log: pfsync: Fix state sync during initial bulk update States learned via pfsync from a peer with the same ruleset checksum were= not getting assigned to rules like they should because pfsync_in_upd() wasn't passing the PFSYNC_SI_CKSUM flag along to pfsync_state_import. PR: 229092 Submitted by: Kajetan Staszkiewicz Obtained from: OpenBSD MFC after: 1 week Sponsored by: InnoGames GmbH Changes: head/sys/netpfil/pf/if_pfsync.c --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sat Jun 30 12:59:39 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A66E6102F046 for ; Sat, 30 Jun 2018 12:59:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 370797CBD5 for ; Sat, 30 Jun 2018 12:59:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id ED783102F045; Sat, 30 Jun 2018 12:59:38 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB774102F044 for ; Sat, 30 Jun 2018 12:59:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 73F387CBD4 for ; Sat, 30 Jun 2018 12:59:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 9AA7C10EE8 for ; Sat, 30 Jun 2018 12:59:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w5UCxbD5074669 for ; Sat, 30 Jun 2018 12:59:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w5UCxbul074668 for pf@FreeBSD.org; Sat, 30 Jun 2018 12:59:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface Date: Sat, 30 Jun 2018 12:59:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jun 2018 12:59:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229092 --- Comment #5 from Kristof Provost --- Thanks for that patch. I've not yet had the opportunity to look at the other patch (or remarks in any detail). I'll try to do so as soon as possible, bu= t it may be some time. --=20 You are receiving this mail because: You are the assignee for the bug.=