From owner-freebsd-pf@FreeBSD.ORG Mon Sep 21 11:07:01 2009
Date: Mon, 21 Sep 2009 11:07:00 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

36 problems total.

From owner-freebsd-pf@FreeBSD.ORG Thu Sep 24 09:28:49 2009
Date: Thu, 24 Sep 2009 17:14:07 +0800
From: shoks
To: freebsd-pf@freebsd.org
Subject: removing states within an anchor

Hi All,

I'm not sure if this is a bug or a limitation. Is it possible to remove the
states created inside an anchor? Or show all the states created by rules
inside an anchor?

I have an anchor "ssh_a" which has created two states:

# pfctl -a ssh_a -sr -v
pass in log quick on vr0 inet proto tcp from any to 10.10.0.161 port = ssh flags S/SA keep state
  [ Evaluations: 4681 Packets: 6956 Bytes: 983364 States: 2 ]
  [ Inserted: uid 0 pid 2045 ]
#

I wanted to display the states created by rules within "ssh_a", but the
command below shows all the states.

# pfctl -a ssh_a -ss -v
all tcp 10.10.0.161:22 <- 10.3.1.42:58120 ESTABLISHED:ESTABLISHED
   [4069877326 + 66560] wscale 3 [1308386281 + 66608] wscale 3
   age 00:22:10, expires in 24:00:00, 1148:842 pkts, 91792:138616 bytes, anchor 5, rule 0
all tcp 10.10.0.161:22 <- 10.3.1.42:62296 ESTABLISHED:ESTABLISHED
   [555879689 + 66560] wscale 3 [1395082873 + 66608] wscale 3
   age 00:05:05, expires in 23:59:11, 20:19 pkts, 3376:4620 bytes, anchor 5, rule 0
all tcp 10.10.0.161:80 <- 10.3.1.42:62952 FIN_WAIT_2:FIN_WAIT_2
   [3637383497 + 66608] wscale 3 [3544701268 + 66607] wscale 3
   age 00:00:17, expires in 00:01:23, 6:4 pkts, 802:440 bytes, anchor 4, rule 0
all ipv6-icmp ff02::1[16584] <- fe80::21b:21ff:fe1d:35bc NO_TRAFFIC:NO_TRAFFIC
   age 00:00:08, expires in 00:00:12, 1:0 pkts, 96:0 bytes, anchor 3, rule 14
all icmp 10.10.0.161:21514 <- 10.3.1.42 0:0
   age 00:00:02, expires in 00:00:08, 1:1 pkts, 84:84 bytes, anchor 3, rule 2
#

Removing the states within "ssh_a" with the command "pfctl -a ssh_a -Fs"
would remove all the states.

Thanks,
sho