From owner-freebsd-pf@FreeBSD.ORG Mon Apr 14 06:43:36 2008
Date: Sun, 13 Apr 2008 23:16:54 -0700 (PDT)
From: Archimedes Gaviola
To: freebsd-pf@freebsd.org
Message-ID: <343478.95095.qm@web58813.mail.re1.yahoo.com>
Subject: Regarding PF Development

To Whom It May Concern:

Good day! I have known that pf was originally designed and implemented on OpenBSD and was ported to FreeBSD. Now, I need to know if the development of pf in FreeBSD is totally dependent on every release of OpenBSD pf in terms of new features? Let's say, for example, if there are new features to be added in pf, then these features will be directly implemented in OpenBSD and then ported to FreeBSD? Or it could be the other way around, like new features can be directly implemented in FreeBSD and will also be ported to OpenBSD?

Thank you!

Archimedes Gaviola

From owner-freebsd-pf@FreeBSD.ORG Mon Apr 14 11:06:54 2008
Date: Mon, 14 Apr 2008 11:06:53 GMT
Message-Id: <200804141106.m3EB6rlH072316@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Current FreeBSD problem reports

Critical problems

S Tracker      Resp. Description
--------------------------------------------------------------------------------
o kern/111220  pf    [pf] repeatable hangs while manipulating pf tables

1 problem total.

Serious problems

S Tracker      Resp. Description
--------------------------------------------------------------------------------
o kern/82271   pf    [pf] cbq scheduler cause bad latency
o kern/92949   pf    [pf] PF + ALTQ problems with latency
o bin/116610   pf    [patch] teach tcpdump(1) to cope with the new-style pf
o kern/120281  pf    [request] lost returning packets to PF for a rdr rule
o kern/122014  pf    [panic] FreeBSD 6.2 panic in pf

5 problems total.

Non-critical problems

S Tracker      Resp. Description
--------------------------------------------------------------------------------
o sparc/93530  pf    [pf] Incorrect checksums when using pf's route-to on s
o kern/93825   pf    [pf] pf reply-to doesn't work
s conf/110838  pf    tagged parameter on nat not working on FreeBSD 5.2
o kern/114095  pf    [carp] carp+pf delay with high state limit
o kern/114567  pf    [pf] LOR pf_ioctl.c + if.c
f kern/116645  pf    [request] pfctl -k does not work in securelevel 3
o kern/118355  pf    [pf] [patch] pfctl help message options order false -t
f kern/119661  pf    [pf] "queue (someq, empy_acks)" doesn't work
o kern/120057  pf    [patch] Allow proper settings of ALTQ_HFSC. The check
o kern/121704  pf    [pf] PF mangles loopback packets

10 problems total.
From owner-freebsd-pf@FreeBSD.ORG Mon Apr 14 23:52:21 2008
Date: Mon, 14 Apr 2008 23:52:21 GMT
Message-Id: <200804142352.m3ENqLHb049520@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to

Old Synopsis: pf doesn't log uid or pid when configured to
New Synopsis: [pf] pf doesn't log uid or pid when configured to

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Apr 14 23:51:36 UTC 2008
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=122773

From owner-freebsd-pf@FreeBSD.ORG Tue Apr 15 01:10:08 2008
Date: Tue, 15 Apr 2008 01:10:08 GMT
Message-Id: <200804150110.m3F1A8GD056027@freefall.freebsd.org>
To: freebsd-pf@FreeBSD.org
From: Max Laier
Reply-To: Max Laier
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to

The following reply was made to PR kern/122773; it has been noted by GNATS.

From: Max Laier
To: bug-followup@freebsd.org, josh@endries.org
Subject: Re: kern/122773: [pf] pf doesn't log uid or pid when configured to
Date: Tue, 15 Apr 2008 03:01:18 +0200

The problem is twofold:
1) FreeBSD doesn't store the PID for the opening process in the socket credentials.
2) tcpdump currently doesn't report uid/pid at all.

The first issue could probably be fixed, but would touch quite a lot of things - it's really an industrious task. Feel free to submit patches ;) I don't currently have the time to do this.

The second issue can be addressed with the attached patch, which should enable you to display the UID. It will report NO_PID (100000) for everything as long as 1 isn't fixed, though.

--
Max

Content-Disposition: attachment; filename="tcpdump-uid.diff"

Index: print-pflog.c =================================================================== RCS file: /home/ncvs/src/contrib/tcpdump/print-pflog.c,v retrieving revision 1.1.1.4 diff -u -r1.1.1.4 print-pflog.c --- print-pflog.c 16 Oct 2007 02:20:17 -0000 1.1.1.4 +++ print-pflog.c 15 Apr 2008 00:53:58 -0000
@@ -106,6 +106,12 @@ else printf("rule %u.%s.%u/", rulenr, hdr->ruleset, subrulenr); +#ifdef PF_LOG_SOCKET_LOOKUP + if (vflag && hdr->uid != UID_MAX) + printf("[uid %u, pid %u] ", (unsigned)hdr->uid, + (unsigned)hdr->pid); +#endif + printf("%s: %s %s on %s: ", tok2str(pf_reasons, "unkn(%u)", hdr->reason), tok2str(pf_actions, "unkn(%u)", hdr->action),

From owner-freebsd-pf@FreeBSD.ORG Wed Apr 16 19:45:13 2008
Message-ID: <48065337.3080805@samoylyk.sumy.ua>
Date: Wed, 16 Apr 2008 22:27:51 +0300
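
Review bot: in the print-pflog.c hunk above, the pid is printed whenever hdr->uid != UID_MAX, with no check on hdr->pid itself, so (as the accompanying message says) every verbose line will carry the NO_PID placeholder until the kernel side is fixed. Consider testing the pid separately and printing only "[uid %u] " when hdr->pid is NO_PID, so the output does not suggest a real process id. The new field also appears only with vflag set and PF_LOG_SOCKET_LOOKUP defined; a line in tcpdump(1) documenting that would help users who expect it by default.
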
From: Oleksandr Samoylyk
To: freebsd-pf@freebsd.org
Subject: Strange messages in dmesg

Dear freebsd-pf subscribers,

What can such messages from system message buffer mean?

ULLpf
_tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL N
ULLpf_
tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL
NULpLf_t
esptf:_ tpefs_tg:e tp_fm_tgaegt _rmettaugr nreedt uNrUnLeLd N
ULpLf_
tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL N
ULLpf
_tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL NU
LLpf
_tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetudr nNeUdL LN
ULLpf
_tepsft_:t epsft_: gpeft__gmetta_gm traegtu rrneetdu rNnUeLdL N
ULLpf
_tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL N
ULLpf_
tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL
NULpLf_t
esptf:_ tpefs_tg:e tp_fm_tgaegt _rmettaugr nreedt uNrUnLeLd N
ULpLf_t
esptf:_ tpefs_tg:e tp_fm_tgaegt _rmettaugr nreedt uNrUnLeLd
NULpLf_
tesptf:_ tpefs_tg:e tp_fm_tgaegt _rmettaugr nreedt uNrUnLeLd N
ULpLf_
tesptf:_ tpefs_tg:e tp_fm_tgaegt _rmettaugr nreedt uNrUnLeLd N
ULpLf_
tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL N
ULpLf_
tesptf:_ tpefs_tg:e tp_fm_tgaegt _rmettaugr nreedt uNrUnLeLd N
ULLpf
_tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL NU
LLp
f_tpefs_tt:e sptf:_ gpeft__gmetta_gm traegt urrenteudr nNeUdL LNUL
L
pf_ptfe_stte:s tp:f _pgfe_tg_emtt_amgt arge truertnuerdn eNdU LNLULL

pf_ptfe_stte:s tp:f _pgfe_tg_emtt_amgt arge truertnuerdn eNdU LNLULL

pf_ptfe_stte:s tp:f _pgfe_tg_emtt_amgt arge truertnuerdn eNdU LNLULL

pf_ptfe_stte:s tp:f _pgfe_tg_emtt_amtga gr erteutrunrende dNU LNLUL
L
pf_ptfe_stte:st :p fp_fg_egte_tm_tmatg arge truertnuerdn eNdU LNLUL
L
pf_ptfe_stte:s tp:f _pgfe_tg_emtt_amgt arge truertnuerdn eNdU LNLUL
Lp
f_ptfe_stte:s tp:f _pgfe_tg_emtt_amgt arge truertnuerdn eNdU LNLU
LLpf
_tpefs_tt:e sptf:_ gpeft__gmetta_gm traegt urrenteudr nNeUdL LNUL
Lpf
_tpefs_tt:e sptf:_ gpeft__gmetta_gm traegt urrenteudr nNeUdL LNU
LLp
f_tpefs_tt:e sptf:_ gpeft__gmetta_gm traegt urrenteudr nNeUdL LNUL
Lp
f_tpefs_tt:e sptf:_ gpeft__gmetta_gm traegt urrenteudr nNeUdL LN
ULLpf
_tepsft_:t epsft_:g eptf__gmetta_gm traegt urrenetdu rNnUeLdL N
ULLpf

The system is:
> uname -a
FreeBSD xxxx.yyyyyyy.zzz 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 10 13:38:24 EEST 2008 root@xxxx.yyyyyyy.zzz:/usr/obj/usr/src/sys/PF i386

Any tip-off? :)

Thank you!

--
Oleksandr Samoylyk
OVS-RIPE

From owner-freebsd-pf@FreeBSD.ORG Wed Apr 16 19:57:41 2008
Message-ID: <9a542da30804161257h6d80efafqa5aec8442811c984@mail.gmail.com>
Date: Wed, 16 Apr 2008 21:57:40 +0200
From: Ermal Luçi
To: "Oleksandr Samoylyk"
Cc: freebsd-pf@freebsd.org
In-Reply-To: <48065337.3080805@samoylyk.sumy.ua>
Subject: Re: Strange messages in dmesg

2008/4/16 Oleksandr Samoylyk :
> Dear freebsd-pf subscribers,
>
> What can such messages from system message buffer mean?
>
> The system is:
> > uname -a
> FreeBSD xxxx.yyyyyyy.zzz 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 10
> 13:38:24 EEST 2008 root@xxxx.yyyyyyy.zzz:/usr/obj/usr/src/sys/PF i386
>
> Any tip-off? :)

It is just a message telling that pf_get_mtag function could not allocate a tag for PF and without that pf checking is skipped iirc.

Why it happens it is not easily findable with this information.

Ermal

>
> Thank you!
>
> --
> Oleksandr Samoylyk
> OVS-RIPE

From owner-freebsd-pf@FreeBSD.ORG Wed Apr 16 20:14:08 2008
Message-ID: <48065E10.8050108@samoylyk.sumy.ua>
Date: Wed, 16 Apr 2008 23:14:08 +0300
From: Oleksandr Samoylyk
To: freebsd-pf@freebsd.org
In-Reply-To: <9a542da30804161257h6d80efafqa5aec8442811c984@mail.gmail.com>
Subject: Re: Strange messages in dmesg

Ermal Luçi wrote:
> 2008/4/16 Oleksandr Samoylyk :
>> Dear freebsd-pf subscribers,
>>
>> What can such messages from system message buffer mean?
>>
>> The system is:
>> > uname -a
>> FreeBSD xxxx.yyyyyyy.zzz 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Apr 10
>> 13:38:24 EEST 2008 root@xxxx.yyyyyyy.zzz:/usr/obj/usr/src/sys/PF i386
>>
>> Any tip-off? :)
>
> It is just a message telling that pf_get_mtag function could not
> allocate a tag for PF and without that pf checking is skipped iirc.
>
> Why it happens it is not easily findable with this information.
>

What additional information should I provide?

I need to fix this because my system becomes unresponsive to keyboard input and those are the last messages I get before freeze.

--
Oleksandr Samoylyk
OVS-RIPE

From owner-freebsd-pf@FreeBSD.ORG Wed Apr 16 21:40:45 2008
Message-ID: <005601c8a005$776e5820$0610a8c0@chepkov.lan>
From: "Vadym Chepkov"
Date: Wed, 16 Apr 2008 17:04:30 -0400
Subject: PF and NAT-T

Hello,

I am using FreeBSD 6.3-RELEASE-p1 with NAT-T patch applied (freebsd6-natt.diff, http://ipsec-tools.cvs.sourceforge.net/ipsec-tools/htdocs/ )

PF works as expected with "regular" IPSEC. But if I try to use NAT-T, packets get lost, I don't see them on internal interface.

I created this pf.conf for testing:

    set loginterface enc0
    set debug loud

This is what I see in status:

    Interface Stats for enc0              IPv4             IPv6
      Bytes In                             120                0
      Bytes Out                              0                0
      Packets In
        Passed                               0                0
        Blocked                              2                0

Nothing useful in the log file.

When I add 'set skip on enc', everything starts to work fine.

How can I determine why those packets got blocked?

Thank you,
Vadym Chepkov

From owner-freebsd-pf@FreeBSD.ORG Thu Apr 17 01:33:50 2008
Date: Wed, 16 Apr 2008 18:33:50 -0700
From: Jeremy Chadwick
To: Oleksandr Samoylyk
Cc: freebsd-pf@freebsd.org
Message-ID: <20080417013350.GA62381@eos.sc1.parodius.com>
In-Reply-To: <48065337.3080805@samoylyk.sumy.ua>
Subject: Re: Strange messages in dmesg

On Wed, Apr 16, 2008 at 10:27:51PM +0300, Oleksandr Samoylyk wrote:
> Dear freebsd-pf subscribers,
>
> What can such messages from system message buffer mean?
>
> ULLpf
> _tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL N
> {snip}

See "Kernel - Scrambled or garbled kernel output" below:

http://wiki.freebsd.org/JeremyChadwick/Commonly_reported_issues

I can't tell you what the actual cause of the pf_get_mtag messages is, however.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

From owner-freebsd-pf@FreeBSD.ORG Fri Apr 18 00:16:41 2008
Message-ID: <4807E452.4090304@jcornwall.me.uk>
Date: Fri, 18 Apr 2008 00:59:14 +0100
From: "Jay L. T. Cornwall"
To: freebsd-pf@freebsd.org
Subject: PF + if_bridge + NAT anomaly

Hi,

I have a bridging FreeBSD machine configured as follows:

    LAN <---> vr0 ---bridge0--- vr1 <--> WAN

With the following PF ruleset:

    int_if = "vr0"
    ext_if = "vr1"
    bridge_if = "bridge0"
    nat_from_ips = "192.168.1.0/24"
    nat_to_ip = ""

    set skip on lo0
    scrub in all
    nat on $ext_if from $nat_from_ips to any -> $nat_to_ip

    block in all
    #block out all *commented out*
    antispoof quick for { lo0 }

    pass in quick on $int_if
    pass out quick on $int_if
    pass in quick on $bridge_if
    #pass out quick on $bridge_if *commented out*
    pass out quick on $ext_if

This configuration works correctly. Machines on the LAN with private IPs are NAT'd to a public IP and others with their own public IPs are routed correctly.

However, note that I have commented out the 'block out all' rule. Commenting this and the later 'pass out quick on $ext_if' back in works correctly for LAN machines with public IPs. However, doing this disables NAT.

Even without 'block out all', the simple presence of:

    pass out quick on $bridge_if

Causes NAT to stop. tcpdump on vr1 shows that packets with private IPs are passing to the WAN (and being filtered upstream). What is causing NAT to stop functioning by the presence of a loose rule? Does the default 'pass all' have additional flags necessary for NAT to function correctly?

Thanks,

--
Jay L. T. Cornwall
http://www.jcornwall.me.uk/

From owner-freebsd-pf@FreeBSD.ORG Fri Apr 18 20:23:27 2008
Message-ID: <48090340.50200@jcornwall.me.uk>
Date: Fri, 18 Apr 2008 21:23:28 +0100
From: "Jay L. T. Cornwall"
To: freebsd-pf@freebsd.org
In-Reply-To: <4807E452.4090304@jcornwall.me.uk>
Subject: Re: PF + if_bridge + NAT anomaly

Jay L. T. Cornwall wrote:

> Even without 'block out all', the simple presence of:
> pass out quick on $bridge_if
>
> Causes NAT to stop. tcpdump on vr1 shows that packets with private IPs
> are passing to the WAN (and being filtered upstream). What is causing
> NAT to stop functioning by the presence of a loose rule? Does the
> default 'pass all' have additional flags necessary for NAT to function
> correctly?

OK, I've solved this. Kind of.

By setting the sysctl net.link.bridge.pfil_bridge to 0 from its default 1 the 'pass out' rule no longer breaks NAT. Oddly, a 'pass in' rule on bridge0 is still required even though if_bridge(4) would suggest otherwise:

    net.link.bridge.pfil_bridge  Set to 1 to enable filtering on the
                                 bridge interface, set to 0 to disable it.

OK, whatever. :)

--
Jay L. T. Cornwall
http://www.jcornwall.me.uk/
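
For the "Strange messages in dmesg" thread earlier in this archive: the following is an added example, not code from any post or from FreeBSD. It checks whether a garbled console line can be split into two writers that were each printing the same message. The message string `pf_test: pf_get_mtag returned NULL` is an assumption read off the garbled text and the mention of pf_get_mtag in the replies; the sample line is copied from the original post, and the control line is constructed.

```python
"""De-interleave a console line produced by two writers of one message."""
from typing import Dict, List, Optional, Tuple

# Assumption: the message the garbled text spells out, including its newline.
CANDIDATE = "pf_test: pf_get_mtag returned NULL\n"

# One garbled line copied from the dmesg excerpt in the thread.
SAMPLE = "_tepsft_:t epsft_:g eptf__mgteatg_ mrteatgu rrneetdu rNnUeLdL N"

# Constructed control: ordinary console text that is not this message.
CONTROL = "kernel: link state changed to UP"

# (next index expected by writer 0, next index expected by writer 1)
State = Tuple[int, int]


def split_two_writers(garbled: str,
                      message: str = CANDIDATE) -> Optional[Tuple[str, str]]:
    """Return the two per-writer strings, or None if `garbled` cannot be
    explained as two writers each emitting consecutive characters of
    `message` repeated end to end.

    Each writer may start anywhere in the message, because a captured line
    usually begins in the middle of an earlier copy.
    """
    n = len(message)
    # Before the first character, every pair of starting offsets is possible.
    frontier = {(a, b) for a in range(n) for b in range(n)}
    # layers[i] maps a state reached after character i to
    # (state before character i, writer that produced character i).
    layers: List[Dict[State, Tuple[State, int]]] = []

    for ch in garbled:
        layer: Dict[State, Tuple[State, int]] = {}
        for a, b in frontier:
            if message[a] == ch:
                layer.setdefault(((a + 1) % n, b), ((a, b), 0))
            if message[b] == ch:
                layer.setdefault((a, (b + 1) % n), ((a, b), 1))
        if not layer:
            return None  # no writer could have produced this character
        layers.append(layer)
        frontier = set(layer)

    # Walk the back-pointers from any surviving end state to label each
    # character with the writer that produced it.
    state = min(frontier)
    owners: List[int] = []
    for layer in reversed(layers):
        state, who = layer[state]
        owners.append(who)
    owners.reverse()

    streams = ["", ""]
    for ch, who in zip(garbled, owners):
        streams[who] += ch
    return streams[0], streams[1]


if __name__ == "__main__":
    for label, line in (("sample", SAMPLE), ("control", CONTROL)):
        result = split_two_writers(line)
        if result is None:
            print(f"{label}: not two interleaved copies of the candidate")
        else:
            for i, text in enumerate(result):
                print(f"{label}: writer {i}: {text!r}")
```

A line that splits cleanly supports reading the dump as the same message printed twice at once; it says nothing about why pf_get_mtag failed.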