From owner-freebsd-pf@freebsd.org Sun Jul 1 18:09:30 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05272FD35CB for ; Sun, 1 Jul 2018 18:09:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 263E877D26 for ; Sun, 1 Jul 2018 18:09:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id D237BFD35C8; Sun, 1 Jul 2018 18:09:28 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BFA95FD35C7 for ; Sun, 1 Jul 2018 18:09:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4AA8F77D1F for ; Sun, 1 Jul 2018 18:09:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 7683E20213 for ; Sun, 1 Jul 2018 18:09:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w61I9REb045098 for ; Sun, 1 Jul 2018 18:09:27 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w61I9RZd045090 for pf@FreeBSD.org; Sun, 1 Jul 2018 18:09:27 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE Date: Sun, 01 Jul 2018 18:09:27 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jul 2018 18:09:30 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 --- Comment #4 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Sun Jul 1 18:09:17 UTC 2018 New revision: 335847 URL: https://svnweb.freebsd.org/changeset/base/335847 Log: pflog/pfsync: Fix module build with VIMAGE=3Dyes pflog and pfsync's module Makefile fails to include opt_global.h to SRCS leading to build error for VIMAGE case. Reproduced with: cd /usr/src/sys/modules/pflog && make VIMAGE=3Dyes PR: 229404 Submitted by: eugen@ MFC after: 1 week Changes: head/sys/modules/pflog/Makefile head/sys/modules/pfsync/Makefile --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Jul 1 18:09:46 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78D27FD3633 for ; Sun, 1 Jul 2018 18:09:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 3575277D80 for ; Sun, 1 Jul 2018 18:09:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id EE26CFD3624; Sun, 1 Jul 2018 18:09:45 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DB843FD3621 for ; Sun, 1 Jul 2018 18:09:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7617677D7B for ; Sun, 1 Jul 2018 18:09:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id B9F9B20217 for ; Sun, 1 Jul 2018 18:09:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w61I9ihl054347 for ; Sun, 1 Jul 2018 18:09:44 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w61I9iUb054340 for pf@FreeBSD.org; Sun, 1 Jul 2018 18:09:44 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE Date: Sun, 01 Jul 2018 18:09:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kp@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jul 2018 18:09:46 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|pf@FreeBSD.org |kp@freebsd.org Status|New |In Progress --- Comment #5 from Kristof Provost --- Thanks for the patch. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Jul 1 19:57:41 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3F5C5FDA026 for ; Sun, 1 Jul 2018 19:57:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id C91617B895 for ; Sun, 1 Jul 2018 19:57:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 884F8FDA025; Sun, 1 Jul 2018 19:57:40 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74370FDA024 for ; Sun, 1 Jul 2018 19:57:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 024AA7B892 for ; Sun, 1 Jul 2018 19:57:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 2E2B621128 for ; Sun, 1 Jul 2018 19:57:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w61JvcBc055711 for ; Sun, 1 Jul 2018 19:57:38 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w61JvcTv055710 for pf@FreeBSD.org; Sun, 1 Jul 2018 19:57:38 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229404] [pflog] [pfsync] [patch] pflogs/pfsync kernel modules build fails with VIMAGE Date: Sun, 01 Jul 2018 19:57:39 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: easy, patch-ready X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: rgrimes@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: kp@freebsd.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jul 2018 19:57:41 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229404 Rodney W. Grimes changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pf@FreeBSD.org --=20 You are receiving this mail because: You are on the CC list for the bug.= From owner-freebsd-pf@freebsd.org Sun Jul 1 21:01:31 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C0051FDC0D7 for ; Sun, 1 Jul 2018 21:01:30 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 68F1B7DF55 for ; Sun, 1 Jul 2018 21:01:30 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 0524BFDC0CC; Sun, 1 Jul 2018 21:01:30 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C44D5FDC0C9 for ; Sun, 1 Jul 2018 21:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7BDF97DF3D for ; Sun, 1 Jul 2018 21:01:29 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 87C7421A8A for ; Sun, 1 Jul 2018 21:01:28 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w61L1Rfp051025 for ; Sun, 1 Jul 2018 21:01:27 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w61L1RrW051015 for pf@FreeBSD.org; Sun, 1 Jul 2018 21:01:27 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201807012101.w61L1RrW051015@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: pf@FreeBSD.org Subject: Problem reports for pf@FreeBSD.org that need special attention Date: Sun, 1 Jul 2018 21:01:27 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Jul 2018 21:01:31 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Mon Jul 2 14:17:35 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A037102AE71; Mon, 2 Jul 2018 14:17:35 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BA6878AD95; Mon, 2 Jul 2018 14:17:34 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 80594B7AA; Mon, 2 Jul 2018 14:17:34 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [172.28.128.1] (d5152df30.static.telenet.be [81.82.223.48]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 7A5645981A; Mon, 2 Jul 2018 16:17:31 +0200 (CEST) From: "Kristof Provost" To: "Jakub Chromy" Cc: freebsd-virtualization@freebsd.org, "FreeBSD PF List" Subject: Re: Possible bug: 11.2-RELEASE guest with vtnet and PF Date: Mon, 02 Jul 2018 16:17:30 +0200 X-Mailer: MailMate (2.0BETAr6113) Message-ID: <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> In-Reply-To: <848b6851-89fb-b6c8-b412-d5ed897f63d2@cgi.cz> References: <848b6851-89fb-b6c8-b412-d5ed897f63d2@cgi.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 14:17:35 -0000 Hi Jakub, On 30 Jun 2018, at 17:07, Jakub Chromy wrote: > I've just installed a 11.2-RELEASE guest under bhyve (hypervisor is > 11.1-RELEASE)... and I cant use Virtio network interface with PF: > > odine:/boot/kernel# /sbin/pfctl -n -f ~/local/tmp/pf.work > *pfctl: pfi_get_ifaces: Bad file descriptor* > > the file contains the following single line only: > > pass out quick on vtnet0 proto tcp from any to any keep state > I’m pretty sure this is a pf bug rather than an issue with vtnet. Does this still happen if you don’t specify ‘-n’? I suspect this might be related to r333181, but that’s included in CURRENT too, and I’ve not been able to reproduce this on my CURRENT box. I’m updating my stable/11 test VM now, but that’ll take a while. Regards, Kristof From owner-freebsd-pf@freebsd.org Mon Jul 2 14:32:37 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 04EDB102B66C; Mon, 2 Jul 2018 14:32:37 +0000 (UTC) (envelope-from hicks@cgi.cz) Received: from hel.cgi.cz (hel.cgi.cz [178.238.36.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7E0D98B95D; Mon, 2 Jul 2018 14:32:34 +0000 (UTC) (envelope-from hicks@cgi.cz) Received: from hel.cgi.cz (localhost [127.0.0.1]) by hel.cgi.cz (Postfix) with ESMTP id 37F491135D6; Mon, 2 Jul 2018 16:32:27 +0200 (CEST) X-Virus-Scanned: amavisd-new at cgi.cz Received: from hel.cgi.cz ([127.0.0.1]) by hel.cgi.cz (hel.cgi.cz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id ReQmRxuFnQSa; Mon, 2 Jul 2018 16:32:25 +0200 (CEST) Received: from mail2.cgi.cz (hermes [172.17.174.1]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by hel.cgi.cz (Postfix) with ESMTPS id B13A51135A9; Mon, 2 Jul 2018 16:32:24 +0200 (CEST) Received: from [192.168.8.152] (unknown [82.100.31.11]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail2.cgi.cz (Postfix) with ESMTPSA id 4097B42049; Mon, 2 Jul 2018 16:32:24 +0200 (CEST) Subject: Re: Possible bug: 11.2-RELEASE guest with vtnet and PF To: Kristof Provost References: <848b6851-89fb-b6c8-b412-d5ed897f63d2@cgi.cz> <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> Cc: freebsd-virtualization@freebsd.org, freebsd-pf@freebsd.org From: Jakub Chromy Message-ID: <3e9271ae-d71d-013e-73c6-9a57570b03af@cgi.cz> Date: Mon, 2 Jul 2018 16:32:23 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> Content-Language: cs Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 14:32:37 -0000 Hello Kristof, I can give you access to that instance if you wish... -- regards Jakub Chromy CGI Systems div. ---------------- CGI CZ s.r.o. sales@cgi.cz 775 144 257 234 697 102 www.cgi.cz Dne 02.07.2018 v 16:17 Kristof Provost napsal(a): > > Hi Jakub, > > On 30 Jun 2018, at 17:07, Jakub Chromy wrote: > > I've just installed a 11.2-RELEASE guest under bhyve (hypervisor > is 11.1-RELEASE)... and I cant use Virtio network interface with PF: > > odine:/boot/kernel# /sbin/pfctl -n -f ~/local/tmp/pf.work > *pfctl: pfi_get_ifaces: Bad file descriptor* > > the file contains the following single line only: > > pass out quick on vtnet0 proto tcp from any to any keep state > > I’m pretty sure this is a pf bug rather than an issue with vtnet. > > Does this still happen if you don’t specify ‘-n’? > > I suspect this might be related to r333181, but that’s included in > CURRENT too, and I’ve not been able to reproduce this on my CURRENT > box. I’m updating my stable/11 test VM now, but that’ll take a while. > > Regards, > Kristof > From owner-freebsd-pf@freebsd.org Mon Jul 2 14:33:27 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABA86102B6EC; Mon, 2 Jul 2018 14:33:27 +0000 (UTC) (envelope-from hicks@cgi.cz) Received: from hel.cgi.cz (hel.cgi.cz [178.238.36.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1A0928B9DD; Mon, 2 Jul 2018 14:33:27 +0000 (UTC) (envelope-from hicks@cgi.cz) Received: from hel.cgi.cz (localhost [127.0.0.1]) by hel.cgi.cz (Postfix) with ESMTP id 0D9B8113A60; Mon, 2 Jul 2018 16:33:26 +0200 (CEST) X-Virus-Scanned: amavisd-new at cgi.cz Received: from hel.cgi.cz ([127.0.0.1]) by hel.cgi.cz (hel.cgi.cz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0fiTomUkr2-j; Mon, 2 Jul 2018 16:33:23 +0200 (CEST) Received: from mail2.cgi.cz (hermes [172.17.174.1]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by hel.cgi.cz (Postfix) with ESMTPS id 87B9F113A3C; Mon, 2 Jul 2018 16:33:23 +0200 (CEST) Received: from [192.168.8.152] (unknown [82.100.31.11]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail2.cgi.cz (Postfix) with ESMTPSA id 3D74D42075; Mon, 2 Jul 2018 16:33:23 +0200 (CEST) Subject: Re: Possible bug: 11.2-RELEASE guest with vtnet and PF To: Kristof Provost Cc: freebsd-virtualization@freebsd.org, FreeBSD PF List References: <848b6851-89fb-b6c8-b412-d5ed897f63d2@cgi.cz> <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> From: Jakub Chromy Message-ID: Date: Mon, 2 Jul 2018 16:33:23 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> Content-Language: cs Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 14:33:27 -0000 ... will try without that "-n" parameter also... -- regards Jakub Chromy CGI Systems div. ---------------- CGI CZ s.r.o. sales@cgi.cz 775 144 257 234 697 102 www.cgi.cz Dne 02.07.2018 v 16:17 Kristof Provost napsal(a): > > Hi Jakub, > > On 30 Jun 2018, at 17:07, Jakub Chromy wrote: > > I've just installed a 11.2-RELEASE guest under bhyve (hypervisor > is 11.1-RELEASE)... and I cant use Virtio network interface with PF: > > odine:/boot/kernel# /sbin/pfctl -n -f ~/local/tmp/pf.work > *pfctl: pfi_get_ifaces: Bad file descriptor* > > the file contains the following single line only: > > pass out quick on vtnet0 proto tcp from any to any keep state > > I’m pretty sure this is a pf bug rather than an issue with vtnet. > > Does this still happen if you don’t specify ‘-n’? > > I suspect this might be related to r333181, but that’s included in > CURRENT too, and I’ve not been able to reproduce this on my CURRENT > box. I’m updating my stable/11 test VM now, but that’ll take a while. > > Regards, > Kristof > From owner-freebsd-pf@freebsd.org Mon Jul 2 14:44:35 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DEE33102BBD8 for ; Mon, 2 Jul 2018 14:44:35 +0000 (UTC) (envelope-from fjo-lists@ogris.de) Received: from box2.ogris.net (box2.ogris.net [IPv6:2a03:4000:6:2157::1]) by mx1.freebsd.org (Postfix) with ESMTP id 82B638BF0D for ; Mon, 2 Jul 2018 14:44:35 +0000 (UTC) (envelope-from fjo-lists@ogris.de) Received: from hf-mac-fjo-002.dts-systeme.intra (unknown [81.89.251.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by box2.ogris.net (Postfix) with ESMTPSA id 433C65983D for ; Mon, 2 Jul 2018 16:44:33 +0200 (CEST) From: "Felix J. Ogris" Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\)) Subject: pf reload/resync and skipped interface groups on 11.2-RELEASE Message-Id: <51A8A900-32B4-47A0-99D9-F02B31D2C735@ogris.de> Date: Mon, 2 Jul 2018 16:44:32 +0200 To: freebsd-pf@freebsd.org X-Mailer: Apple Mail (2.3445.8.2) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 14:44:36 -0000 Hi, this is a fresh install of 11.2-RELEASE amd64 with a minimal pf rule = set. After the first reload/resync, any traffic on an interface that is = skipped via an interface group statement in pf.conf is rejected: root@fbsd:~ # ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=3D0 ttl=3D64 time=3D0.038 ms ^C --- 127.0.0.1 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev =3D 0.038/0.038/0.038/0.000 ms root@fbsd:~ # service pf reload Reloading pf rules. root@fbsd:~ # ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes ping: sendto: Permission denied ping: sendto: Permission denied ^C --- 127.0.0.1 ping statistics --- 2 packets transmitted, 0 packets received, 100.0% packet loss A second reload restores the expected behaviour: root@fbsd:~ # service pf reload Reloading pf rules. root@fbsd:~ # ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=3D0 ttl=3D64 time=3D0.021 ms ^C --- 127.0.0.1 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev =3D 0.021/0.021/0.021/0.000 ms My /etc/pf.conf: root@fbsd:~ # cat /etc/pf.conf set skip on lo block pass in inet proto tcp to port 22 Active rule set in either case: root@fbsd:~ # pfctl -s rules block drop all pass in inet proto tcp from any to any port =3D ssh flags S/SA keep = state If i change =E2=80=9Cset skip on lo=E2=80=9D to =E2=80=9Cset skip on = lo0=E2=80=9D in /etc/pf.conf, reload behaves fine. /etc/rc.d/ppp does a =E2=80=9C/etc/rc.d/pf quietresync=E2=80=9D in its = poststart() routine. BR, Felix= From owner-freebsd-pf@freebsd.org Mon Jul 2 14:52:12 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31615102BFD2 for ; Mon, 2 Jul 2018 14:52:12 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D841D8C44B; Mon, 2 Jul 2018 14:52:11 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id A2511BBB1; Mon, 2 Jul 2018 14:52:11 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [172.28.128.1] (d5152df30.static.telenet.be [81.82.223.48]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id 6595A59950; Mon, 2 Jul 2018 16:52:10 +0200 (CEST) From: "Kristof Provost" To: "Felix J. Ogris" Cc: freebsd-pf@freebsd.org Subject: Re: pf reload/resync and skipped interface groups on 11.2-RELEASE Date: Mon, 02 Jul 2018 16:52:09 +0200 X-Mailer: MailMate (2.0BETAr6113) Message-ID: <5F55C95D-4A1E-4758-B349-06E43E6ADA36@FreeBSD.org> In-Reply-To: <51A8A900-32B4-47A0-99D9-F02B31D2C735@ogris.de> References: <51A8A900-32B4-47A0-99D9-F02B31D2C735@ogris.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 14:52:12 -0000 On 2 Jul 2018, at 16:44, Felix J. Ogris wrote: > this is a fresh install of 11.2-RELEASE amd64 with a minimal pf rule > set. After the first reload/resync, any traffic on an interface that > is skipped via an interface group statement in pf.conf is rejected: > Thanks for the report. I think that’s the same issue as described in PR 229241, in which case it’s on my todo list already. Regards, Kristof From owner-freebsd-pf@freebsd.org Mon Jul 2 15:55:52 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EFD78102DBA1; Mon, 2 Jul 2018 15:55:51 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 962498E9C0; Mon, 2 Jul 2018 15:55:51 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) (Authenticated sender: kp) by smtp.freebsd.org (Postfix) with ESMTPSA id 45BA1C1D2; Mon, 2 Jul 2018 15:55:51 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [172.28.128.1] (d5152df30.static.telenet.be [81.82.223.48]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id ECC9959AB2; Mon, 2 Jul 2018 17:55:48 +0200 (CEST) From: "Kristof Provost" To: "Jakub Chromy" Cc: freebsd-virtualization@freebsd.org, "FreeBSD PF List" , "Andreas Longwitz" Subject: Re: Possible bug: 11.2-RELEASE guest with vtnet and PF Date: Mon, 02 Jul 2018 17:55:47 +0200 X-Mailer: MailMate (2.0BETAr6113) Message-ID: <65938540-E8D5-4E81-84C7-6AF64D533032@FreeBSD.org> In-Reply-To: <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> References: <848b6851-89fb-b6c8-b412-d5ed897f63d2@cgi.cz> <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 15:55:52 -0000 On 2 Jul 2018, at 16:17, Kristof Provost wrote: > Hi Jakub, > > On 30 Jun 2018, at 17:07, Jakub Chromy wrote: >> I've just installed a 11.2-RELEASE guest under bhyve (hypervisor is >> 11.1-RELEASE)... and I cant use Virtio network interface with PF: >> >> odine:/boot/kernel# /sbin/pfctl -n -f ~/local/tmp/pf.work >> *pfctl: pfi_get_ifaces: Bad file descriptor* >> >> the file contains the following single line only: >> >> pass out quick on vtnet0 proto tcp from any to any keep state >> > I’m pretty sure this is a pf bug rather than an issue with vtnet. > > Does this still happen if you don’t specify ‘-n’? > > I suspect this might be related to r333181, but that’s included in > CURRENT too, and I’ve not been able to reproduce this on my CURRENT > box. I’m updating my stable/11 test VM now, but that’ll take a > while. > Ah, I think I see the problem. I think you don’t have the pf module loaded, which is apparently not treated as a fatal error if ‘-n’ is specified, but the change in r333181 can’t cope with that. We should probably fix that, but it’s not a particularly critical problem. Regards, Kristof From owner-freebsd-pf@freebsd.org Mon Jul 2 16:24:35 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 276C3102E780; Mon, 2 Jul 2018 16:24:35 +0000 (UTC) (envelope-from hicks@cgi.cz) Received: from hel.cgi.cz (hel.cgi.cz [178.238.36.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AE23B8F8D4; Mon, 2 Jul 2018 16:24:34 +0000 (UTC) (envelope-from hicks@cgi.cz) Received: from hel.cgi.cz (localhost [127.0.0.1]) by hel.cgi.cz (Postfix) with ESMTP id 058A111389E; Mon, 2 Jul 2018 18:24:33 +0200 (CEST) X-Virus-Scanned: amavisd-new at cgi.cz Received: from hel.cgi.cz ([127.0.0.1]) by hel.cgi.cz (hel.cgi.cz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8VzhcufG7WCK; Mon, 2 Jul 2018 18:24:29 +0200 (CEST) Received: from mail2.cgi.cz (hermes [172.17.174.1]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by hel.cgi.cz (Postfix) with ESMTPS id AD478113866; Mon, 2 Jul 2018 18:24:29 +0200 (CEST) Received: from [192.168.8.152] (unknown [82.100.31.11]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail2.cgi.cz (Postfix) with ESMTPSA id 8C32942B2F; Mon, 2 Jul 2018 18:24:29 +0200 (CEST) Subject: Re: Possible bug: 11.2-RELEASE guest with vtnet and PF To: Kristof Provost Cc: freebsd-virtualization@freebsd.org, FreeBSD PF List , Andreas Longwitz References: <848b6851-89fb-b6c8-b412-d5ed897f63d2@cgi.cz> <753B1604-6BFE-48F6-9AA0-38A1C11B6E9B@FreeBSD.org> <65938540-E8D5-4E81-84C7-6AF64D533032@FreeBSD.org> From: Jakub Chromy Message-ID: <117b144b-d558-9319-e073-94e31085e441@cgi.cz> Date: Mon, 2 Jul 2018 18:24:29 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <65938540-E8D5-4E81-84C7-6AF64D533032@FreeBSD.org> Content-Language: cs Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 16:24:35 -0000 ... omg.. sorry. I've checked the r333181 revision, but I'm not as capable in C to understand it completely. So it looks like that in up to 11.1-RELEASE, one can run the /sbin/pfctl -n -f ./config successfully without having the pf module loaded. Now in 11.2, the pfctl without pf module in the kernel complains on something (eg interfaces) and exits with code greater than zero. This is the point where our script (of many years :) got stuck. Thank you. -- regards Jakub Chromy CGI Systems div. ---------------- CGI CZ s.r.o. sales@cgi.cz 775 144 257 234 697 102 www.cgi.cz > Ah, I think I see the problem. I think you don’t have the pf module > loaded, which is apparently not treated as a fatal error if ‘-n’ is > specified, but the change in r333181 can’t cope with that. > > We should probably fix that, but it’s not a particularly critical problem. > > Regards, > Kristof > From owner-freebsd-pf@freebsd.org Mon Jul 2 19:04:57 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D567A1035788 for ; Mon, 2 Jul 2018 19:04:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 672D675B7C for ; Mon, 2 Jul 2018 19:04:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 1DAF11035781; Mon, 2 Jul 2018 19:04:57 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 097131035780 for ; Mon, 2 Jul 2018 19:04:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9353D75B77 for ; Mon, 2 Jul 2018 19:04:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id C60D0D426 for ; Mon, 2 Jul 2018 19:04:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w62J4tRl022328 for ; Mon, 2 Jul 2018 19:04:55 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w62J4t2Q022327 for pf@FreeBSD.org; Mon, 2 Jul 2018 19:04:55 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Date: Mon, 02 Jul 2018 19:04:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2018 19:04:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229477 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |pf@FreeBSD.org Keywords| |patch --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Tue Jul 3 09:37:57 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 663A1102F3B3 for ; Tue, 3 Jul 2018 09:37:57 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id F2D2577200 for ; Tue, 3 Jul 2018 09:37:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id B2728102F3AA; Tue, 3 Jul 2018 09:37:56 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9FEAE102F3A9 for ; Tue, 3 Jul 2018 09:37:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3B60E771FB for ; Tue, 3 Jul 2018 09:37:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 736FF14D91 for ; Tue, 3 Jul 2018 09:37:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w639btFe003219 for ; Tue, 3 Jul 2018 09:37:55 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w639btfg003218 for pf@FreeBSD.org; Tue, 3 Jul 2018 09:37:55 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Date: Tue, 03 Jul 2018 09:37:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 09:37:57 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229477 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org --- Comment #4 from Kristof Provost --- You can probably just change the 'action !=3D PF_PASS' into 'action =3D=3D = PF_DROP' rather than adding an extra if statement. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Tue Jul 3 09:44:51 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDD6B102FD2C for ; Tue, 3 Jul 2018 09:44:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 679AD776DE for ; Tue, 3 Jul 2018 09:44:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 271FF102FD28; Tue, 3 Jul 2018 09:44:51 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 13224102FD27 for ; Tue, 3 Jul 2018 09:44:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9D2EC776D8 for ; Tue, 3 Jul 2018 09:44:50 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id DD2F314EED for ; Tue, 3 Jul 2018 09:44:49 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w639in9e019807 for ; Tue, 3 Jul 2018 09:44:49 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w639inoG019806 for pf@FreeBSD.org; Tue, 3 Jul 2018 09:44:49 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Date: Tue, 03 Jul 2018 09:44:49 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: mail@fbsd.e4m.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 09:44:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229477 --- Comment #5 from Andre Albsmeier --- I don't think so but maybe I am just interpreting your idea badly. How about a code snippet or patch? --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Tue Jul 3 09:46:39 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 79D04102FF06 for ; Tue, 3 Jul 2018 09:46:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1316877793 for ; Tue, 3 Jul 2018 09:46:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id CBC7C102FF03; Tue, 3 Jul 2018 09:46:38 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B7B58102FF02 for ; Tue, 3 Jul 2018 09:46:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F55E7778F for ; Tue, 3 Jul 2018 09:46:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 8F0F414EF2 for ; Tue, 3 Jul 2018 09:46:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w639kbxL022037 for ; Tue, 3 Jul 2018 09:46:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w639kbjp022036 for pf@FreeBSD.org; Tue, 3 Jul 2018 09:46:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Date: Tue, 03 Jul 2018 09:46:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 09:46:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229477 --- Comment #6 from Kristof Provost --- (In reply to Andre Albsmeier from comment #5) No, I've checked again, you're right. I forgot about the 'return (action)'. I think your patch is right. I'm still looking at writing an automated test case, but hopefully I'll be able to commit both test and fix soon. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Tue Jul 3 11:00:55 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5B85410359BD for ; Tue, 3 Jul 2018 11:00:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id E5D427AA97 for ; Tue, 3 Jul 2018 11:00:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 9F91B10359B1; Tue, 3 Jul 2018 11:00:54 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E20810359B0 for ; Tue, 3 Jul 2018 11:00:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2BDFB7AA8F for ; Tue, 3 Jul 2018 11:00:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 64D75158D0 for ; Tue, 3 Jul 2018 11:00:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w63B0rWN096080 for ; Tue, 3 Jul 2018 11:00:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w63B0rNk096074 for pf@FreeBSD.org; Tue, 3 Jul 2018 11:00:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Date: Tue, 03 Jul 2018 11:00:53 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: mail@fbsd.e4m.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 11:00:55 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229477 --- Comment #7 from Andre Albsmeier --- OK, but as I said: Regarding #2 I am unsure. We can also leave it out and w= ait if someone who actually uses "fail-policy return" complains.... --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Tue Jul 3 13:36:08 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B82DA1020DBB for ; Tue, 3 Jul 2018 13:36:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4B15D81905 for ; Tue, 3 Jul 2018 13:36:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 0B28F1020DBA; Tue, 3 Jul 2018 13:36:08 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED9061020DB9 for ; Tue, 3 Jul 2018 13:36:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8C25881902 for ; Tue, 3 Jul 2018 13:36:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id D6B3F16EEA for ; Tue, 3 Jul 2018 13:36:06 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w63Da6ox042587 for ; Tue, 3 Jul 2018 13:36:06 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w63Da6sg042586 for pf@FreeBSD.org; Tue, 3 Jul 2018 13:36:06 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets Date: Tue, 03 Jul 2018 13:36:06 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.2-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: vegeta@tuxpowered.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jul 2018 13:36:08 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229477 Kajetan Staszkiewicz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vegeta@tuxpowered.net --- Comment #8 from Kajetan Staszkiewicz --- I am the person responsible for fail-policy and I can test this behaviour w= ith fix for synproxy. I'm sorry for not testing it with synproxy initially, but synproxy is broken for route-to rules anyway. I'll get back to you soon. --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sat Jul 7 14:47:01 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2143710278D3 for ; Sat, 7 Jul 2018 14:47:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id A3D767AABE for ; Sat, 7 Jul 2018 14:47:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 5ABF710278CE; Sat, 7 Jul 2018 14:47:00 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 480B810278CD for ; Sat, 7 Jul 2018 14:47:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D85037AAB9 for ; Sat, 7 Jul 2018 14:46:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 1D3BA9CD5 for ; Sat, 7 Jul 2018 14:46:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w67EkwOl051226 for ; Sat, 7 Jul 2018 14:46:58 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w67Ekw0n051225 for pf@FreeBSD.org; Sat, 7 Jul 2018 14:46:58 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 229092] [pf] [pfsync] States created by route-to rules pfsynced without interface Date: Sat, 07 Jul 2018 14:46:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jul 2018 14:47:01 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229092 --- Comment #6 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Sat Jul 7 14:46:02 UTC 2018 New revision: 336064 URL: https://svnweb.freebsd.org/changeset/base/336064 Log: MFC r335816: pfsync: Fix state sync during initial bulk update States learned via pfsync from a peer with the same ruleset checksum were= not getting assigned to rules like they should because pfsync_in_upd() wasn't passing the PFSYNC_SI_CKSUM flag along to pfsync_state_import. PR: 229092 Submitted by: Kajetan Staszkiewicz Obtained from: OpenBSD Sponsored by: InnoGames GmbH Changes: _U stable/11/ stable/11/sys/netpfil/pf/if_pfsync.c --=20 You are receiving this mail because: You are the assignee for the bug.=