Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 24 Aug 2021 14:58:19 +0200
From:      Kristof Provost <kp@FreeBSD.org>
To:        Oleksandr Kryvulia <shuriku@shurik.kiev.ua>
Cc:        pf@freebsd.org
Subject:   Re: pfctl -k id not working
Message-ID:  <88FAB02B-D319-4501-857D-7F04922CD00D@FreeBSD.org>
In-Reply-To: <903A7599-FFBD-4E7C-A4E9-2EA2F2C7B16C@FreeBSD.org>
References:  <CAAcX-AE--sff1Quqy57Ux4GwA2Lr%2BPM6Rt6b7Z-OvZbtYASn=w@mail.gmail.com> <437ea6f8-a93f-4650-1e94-c52110d328e7@shurik.kiev.ua> <903A7599-FFBD-4E7C-A4E9-2EA2F2C7B16C@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 22 Aug 2021, at 21:01, Kristof Provost wrote:
> On 22 Aug 2021, at 20:58, Oleksandr Kryvulia wrote:
>> 20.08.21 22:01, =C3=96zkan KIRIK =D0=BF=D0=B8=D1=88=D0=B5=D1=82:
>>> Hi,
>>>
>>> I'm trying to kill a single state using state id. But even state exis=
ts, no
>>> (0) states are killed.
>>>
>>> I'm using FreeBSD stable/12 0f97f2a1857a (Jul 26) build. Outputs are =
below:
>>>
>>> root@freebsd:/ # pfctl -ss -vvv | tail -5
>>> all tcp 10.255.4.134:60684 -> 10.2.3.10:443       ESTABLISHED:ESTABLI=
SHED
>>>    [3857528462 + 256] wscale 7  [2278827950 + 1117184] wscale 9
>>>    age 1002336:42:40, expires in 252932:33:04, 250675:343858 pkts,
>>> 18984576:362136695 bytes, anchor 1308884992, rule 419430400
>>>    id: effe296100000018 creatorid: e9c975c1 gateway: 0.0.0.0
>>>    origif: ix0.167
>>>
>>> root@freebsd:/ # pfctl -k id -k effe296100000018
>>> killed 0 states
>>>
>>> root@freebsd:/ # pfctl -ss -vvv | tail -5
>>> all tcp 10.255.4.134:60684 -> 10.2.3.10:443       ESTABLISHED:ESTABLI=
SHED
>>>    [1005467278 + 256] wscale 7  [2245470126 + 1117184] wscale 9
>>>    age 60966:41:04, expires in 280894:34:40, 250677:343861 pkts,
>>> 18984766:362137617 bytes, anchor 1308884992, rule 419430400
>>>    id: effe296100000018 creatorid: e9c975c1 gateway: 0.0.0.0
>>>    origif: ix0.167
>>>
>>> is it possible to fix it?
>>>
>>> Regards
>>>
>>
>> Same on current.
>
> Thanks for the confirmation. It=E2=80=99s very likely fallout from the =
nvlist changes I did in that area recently.
> It=E2=80=99s on my list for Monday. It=E2=80=99s likely to be fairly ea=
sy to fix.
>
This will be fixed as of e59eff9ad3285838730acf48f6d066cec0e53114 (in mai=
n).
MFC to be done next week.

Br,
Kristof

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?88FAB02B-D319-4501-857D-7F04922CD00D>