From owner-freebsd-pf@FreeBSD.ORG Sun Oct 24 05:36:16 2010
Message-ID: <4CC3C5C9.7040904@laiers.net>
Date: Sat, 23 Oct 2010 22:36:09 -0700
From: Max Laier
To: Ermal Luçi
Cc: freebsd-net, freebsd-pf@freebsd.org
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5

C'mon ... where are the testers at?

On 18.10.2010 11:10, Ermal Luçi wrote:
> Feedback is very welcome.

Is there no-one testing Ermal's exciting patch? Let's help getting this
tested ... before we put it into SVN!

fetch http://people.freebsd.org/~eri/pf45_1.diff
patch -p1 < pf45_1.diff
make buildworld buildkernel
etc. ...

Let's go!!! And do not forget to reply if it works just, too.

Thank you,
Max

From owner-freebsd-pf@FreeBSD.ORG Sun Oct 24 09:36:42 2010
From: Greg Hennessy
To: Max Laier, Ermal Luçi
Cc: freebsd-net, "freebsd-pf@freebsd.org"
Date: Sun, 24 Oct 2010 10:25:47 +0100
Subject: RE: [PATCH] pf(4) patch from OpenBSD 4.5
Message-ID: <9E8D76EC267C9444AC737F649CBBAD90276A7E594E@PEMEXMBXVS02.jellyfishnet.co.uk.local>
In-Reply-To: <4CC3C5C9.7040904@laiers.net>

It doesn't appear to patch cleanly against CURRENT

gw2:/usr/src # find . -name \*.rej
./contrib/pf/pfctl/pfctl_table.c.rej
./contrib/pf/pfctl/parse.y.rej
./contrib/pf/pfctl/pfctl.c.rej
./contrib/pf/pfctl/pfctl_parser.h.rej
./contrib/pf/pfctl/pfctl.8.rej
./contrib/pf/pfctl/pfctl.h.rej
./sys/contrib/pf/net/pf_norm.c.rej
./sys/contrib/pf/net/if_pflog.c.rej
./sys/contrib/pf/net/pf_osfp.c.rej

Can post/email the contents of the above if required.

Greg

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Max Laier
> Sent: 24 October 2010 6:36 AM
> To: Ermal Luçi
> Cc: freebsd-net; freebsd-pf@freebsd.org
> Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5
>
> C'mon ... where are the testers at?
>
> On 18.10.2010 11:10, Ermal Luçi wrote:
> > Feedback is very welcome.
>
> Is there no-one testing Ermal's exciting patch? Let's help getting this
> tested ... before we put it into SVN!
>
> fetch http://people.freebsd.org/~eri/pf45_1.diff
> patch -p1 < pf45_1.diff
> make buildworld buildkernel
> etc. ...
>
> Let's go!!! And do not forget to reply if it works just, too.
>
> Thank you,
> Max
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

From owner-freebsd-pf@FreeBSD.ORG Sun Oct 24 09:55:46 2010
Date: Sun, 24 Oct 2010 11:39:43 +0200
From: Fabian Keil
To: Max Laier
Cc: freebsd-net, freebsd-pf@freebsd.org
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5
Message-ID: <20101024113943.3cc0d659@r500.local>
In-Reply-To: <4CC3C5C9.7040904@laiers.net>

Max Laier wrote:

> C'mon ... where are the testers at?
>
> On 18.10.2010 11:10, Ermal Luçi wrote:
> > Feedback is very welcome.
>
> Is there no-one testing Ermal's exciting patch? Let's help getting this
> tested ... before we put it into SVN!
>
> fetch http://people.freebsd.org/~eri/pf45_1.diff
> patch -p1 < pf45_1.diff

I think that should be -p0.

> make buildworld buildkernel
> etc. ...
>
> Let's go!!! And do not forget to reply if it works just, too.

I got a bunch of rejections:

fk@r500 /usr/src $patch -C -p0 < /home/fk/test/freebsd/pf45_1.diff 2>&1 | grep .rej
1 out of 6 hunks failed--saving rejects to contrib/pf/pfctl/pfctl_table.c.rej
1 out of 114 hunks failed--saving rejects to contrib/pf/pfctl/parse.y.rej
1 out of 37 hunks failed--saving rejects to contrib/pf/pfctl/pfctl.c.rej
1 out of 4 hunks failed--saving rejects to contrib/pf/pfctl/pfctl_parser.h.rej
1 out of 15 hunks failed--saving rejects to contrib/pf/pfctl/pfctl.8.rej
1 out of 6 hunks failed--saving rejects to contrib/pf/pfctl/pfctl.h.rej
1 out of 56 hunks failed--saving rejects to sys/contrib/pf/net/pf_norm.c.rej
1 out of 16 hunks failed--saving rejects to sys/contrib/pf/net/if_pflog.c.rej
1 out of 15 hunks failed--saving rejects to sys/contrib/pf/net/pf_osfp.c.rej

They can be fixed by running the files through

perl -i'' -pe 's@\$FreeBSD[^\$]+\$@\$FreeBSD\$@' *

before applying the patch. Afterwards the patch applies cleanly.

However the build still fails for me:

/usr/obj/usr/src/make.amd64/make -V CFILES -V SYSTEM_CFILES -V GEN_CFILES | MKDEP_CPP="cc -E" CC="cc" xargs mkdep -a -f .newdep -O2 -frename-registers -pipe -fno-strict-aliasing -std=c99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf -I/usr/src/sys/dev/ath -I/usr/src/sys/dev/ath/ath_hal -I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -I/usr/src/sys/gnu/fs/xfs/FreeBSD -I/usr/src/sys/gnu/fs/xfs/FreeBSD/support -I/usr/src/sys/gnu/fs/xfs -I/usr/src/sys/contrib/opensolaris/compat -I/usr/src/sys/dev/cxgb -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -fno-omit-frame-pointer -mcmodel=kernel -mno-red-zone -mfpmath=387 -mno-sse -mno-sse2 -mno-sse3 -mno-mmx -mno-3dnow -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector
/usr/src/sys/contrib/pf/net/pf.c:149:26: error: net/if_pflow.h: No such file or directory
mkdep: compile failed
*** Error code 1

Stop in /usr/obj/usr/src/sys/ZOEY.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.

I'm using HEAD from yesterday and if_pflow.h indeed doesn't seem to exist.

Fabian

From owner-freebsd-pf@FreeBSD.ORG Sun Oct 24 09:58:36 2010
From: Greg Hennessy
To: Greg Hennessy, Max Laier, Ermal Luçi
Cc: freebsd-net, "freebsd-pf@freebsd.org"
Date: Sun, 24 Oct 2010 10:58:33 +0100
Subject: RE: [PATCH] pf(4) patch from OpenBSD 4.5
Message-ID: <9E8D76EC267C9444AC737F649CBBAD90276A7E5955@PEMEXMBXVS02.jellyfishnet.co.uk.local>
In-Reply-To: <9E8D76EC267C9444AC737F649CBBAD90276A7E594E@PEMEXMBXVS02.jellyfishnet.co.uk.local>

s/CURRENT/HEAD/ below, wasn't quite awake yet when I sent it. :-)

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Greg Hennessy
> Sent: 24 October 2010 10:26 AM
> To: Max Laier; Ermal Luçi
> Cc: freebsd-net; freebsd-pf@freebsd.org
> Subject: RE: [PATCH] pf(4) patch from OpenBSD 4.5
>
> It doesn't appear to patch cleanly against CURRENT
>
> gw2:/usr/src # find . -name \*.rej
> ./contrib/pf/pfctl/pfctl_table.c.rej
> ./contrib/pf/pfctl/parse.y.rej
> ./contrib/pf/pfctl/pfctl.c.rej
> ./contrib/pf/pfctl/pfctl_parser.h.rej
> ./contrib/pf/pfctl/pfctl.8.rej
> ./contrib/pf/pfctl/pfctl.h.rej
> ./sys/contrib/pf/net/pf_norm.c.rej
> ./sys/contrib/pf/net/if_pflog.c.rej
> ./sys/contrib/pf/net/pf_osfp.c.rej
>
>
> Can post/email the contents of the above if required.
>
>
> Greg
>
>
> > -----Original Message-----
> > From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Max Laier
> > Sent: 24 October 2010 6:36 AM
> > To: Ermal Luçi
> > Cc: freebsd-net; freebsd-pf@freebsd.org
> > Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5
> >
> > C'mon ... where are the testers at?
> >
> > On 18.10.2010 11:10, Ermal Luçi wrote:
> > > Feedback is very welcome.
> >
> > Is there no-one testing Ermal's exciting patch? Let's help getting this
> > tested ... before we put it into SVN!
> >
> > fetch http://people.freebsd.org/~eri/pf45_1.diff
> > patch -p1 < pf45_1.diff
> > make buildworld buildkernel
> > etc. ...
> >
> > Let's go!!! And do not forget to reply if it works just, too.
> >
> > Thank you,
> > Max

From owner-freebsd-pf@FreeBSD.ORG Sun Oct 24 14:53:04 2010
Date: Sun, 24 Oct 2010 17:27:50 +0300
From: Dimitar Vassilev
To: Greg Hennessy
Cc: freebsd-net, Max Laier, "freebsd-pf@freebsd.org"
Subject: Re: [PATCH] pf(4) patch from OpenBSD 4.5
In-Reply-To: <9E8D76EC267C9444AC737F649CBBAD90276A7E5955@PEMEXMBXVS02.jellyfishnet.co.uk.local>

2010/10/24 Greg Hennessy :
> s/CURRENT/HEAD/ below, wasn't quite awake yet when I sent it. :-)

Out of curiosity, any plans to include pf 4.7 support in the next 1-2 years?
I'm not actively looking at the freebsd-net list, so my apologies if this
has been already spoken of.

Best regards,
Dimitar

From owner-freebsd-pf@FreeBSD.ORG Mon Oct 25 11:07:06 2010
Date: Mon, 25 Oct 2010 11:07:05 GMT
Message-Id: <201010251107.o9PB75SP088842@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf         [pf] "(self)" not always matching all local IPv6 addre
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

45 problems total.

From owner-freebsd-pf@FreeBSD.ORG Mon Oct 25 16:35:36 2010
Message-ID: <4CC5B1BA.1030903@tomjudge.com>
Date: Mon, 25 Oct 2010 11:35:06 -0500
From: Tom Judge
To: Subscriber
Cc: freebsd-pf@freebsd.org
Subject: Re: Ftp + pf + Two ISP ---> no luck
In-Reply-To: <163294774.20101022103402@agoris.net.ua>

On 10/22/2010 02:34 AM, Subscriber wrote:
> Hello Tom,

Take a look at ftpsesame in ports, this will help you and simplify your
firewall configuration.

TJ

> Friday, October 22, 2010, 12:13:41 AM, you wrote:
>
>> On 10/21/2010 09:17 AM, Subscriber wrote:
>>> Hi All.
>>>
>>> First of all sorry for my bad English.
>>>
>>> I have some problem with two ISP and ftp service on FreeBSD box. A
>>> few days I try to resolve the problem, but no luck. Googling does not
>>> help me too. My brain soon blowup. So…. pls help me.
>>>
>>> I want, that my ftp service was accessible from ISP1 and ISP2. I can
>>> log in my ftp from outside, but when I try to download files, or
>>> opening the folders with big number of files, my server is "freeze",
>>> and download never happened. Some times ftp-server "unfreez" for very
>>> short time, at this moment:
>>>
>> You need something like:
>> pass in on $ext_if1 inet proto tcp from any to $isp1_ip port 21 reply-to
>> ( $ext_if1 $isp1_gw )
>> pass in on $ext_if2 inet proto tcp from any to $isp2_ip port 21 reply-to
>> ( $ext_if2 $isp2_gw )
>> And the same for the passive port range you configure in the ftp daemon.
> I change the rule as you say:
>
> pass in on $ext_if1 reply-to ( $ext_if1 $ext_gw1 ) inet \
> proto tcp from $ftp_allowed_ip to ($ext_if1) \
> port $ftp_serv flags S/SA keep state
>
> Now I have:
>
> pass in on $ext_if1 reply-to ( $ext_if1 $ext_gw1 ) inet \
> proto tcp from $ftp_allowed_ip to $ext_ip1 \
> port $ftp_serv
>
> But it does not help. The situation has not changed. I can't upload or
> download files :(
>
>> TJ
>>> load averages: 9.24, 2.69, 1.18
>>> 36 processes: 7 running, 29 sleeping
>>> CPU: 0.0% user, 0.0% nice, 0.0% system, 99.9% interrupt, 0.1% idle
>>> Mem: 24M Active, 350M Inact, 75M Wired, 14M Cache, 60M Buf, 30M Free
>>> Swap: 512M Total, 32K Used, 512M Free
>>>
>>> In the ftp-server logs (vsftpd) I see next:
>>>
>>> ======= start cut of log ====================
>>> Thu Oct 21 16:16:36 2010 [pid 92431] [ftpusr] FTP command: Client
>>> "ip_was_replaced", "PASV"
>>> Thu Oct 21 16:16:36 2010 [pid 92431] [ftpusr] FTP response: Client
>>> "ip_was_replaced", "227 Entering Passive Mode
>>> (xxx,xxx,xxx,136,195,80)."
>>> Thu Oct 21 16:16:36 2010 [pid 92431] [ftpusr] FTP command: Client
>>> "ip_was_replaced", "RETR
>>> Intel.Boot.Agent.for.Intel.Network.Adapters.PROBOOT.v15.2.exe"
>>> Thu Oct 21 16:16:36 2010 [pid 92431] [ftpusr] FTP response: Client
>>> "ip_was_replaced", "150 Opening BINARY mode data connection for
>>> Intel.Boot.Agent.for.Intel.Network.Adapters.PROBOOT.v15.2.exe (1235728
>>> bytes)."
>>> Thu Oct 21 16:17:14 2010 [pid 92431] [ftpusr] FTP response: Client
>>> "ip_was_replaced", "426 Failure writing network stream."
>>> Thu Oct 21 16:17:14 2010 [pid 92431] [ftpusr] FAIL DOWNLOAD: Client
>>> "ip_was_replaced",
>>> "/pub/drivers/intel/Intel.Boot.Agent.for.Intel.Network.Adapters.PROBOOT.v15.2.exe",
>>> 33580 bytes, 0.86Kbyte/sec
>>> Thu Oct 21 16:17:14 2010 [pid 92431] [ftpusr] FTP command: Client
>>> "ip_was_replaced", "????ABOR"
>>> Thu Oct 21 16:17:14 2010 [pid 92431] [ftpusr] FTP response: Client
>>> "ip_was_replaced", "225 No transfer to ABOR."
>>>
>>> and so on...
>>> ======= end cut of log ====================
>>>
>>> About my system:
>>> # uname -rsm
>>> FreeBSD 8.1-RELEASE i386
>>>
>>> Ftp servers in passive mode:
>>> vsftpd-2.3.2 (Listen on port 21)
>>> proftpd-1.3.3a (Listen on port 2121)
>>>
>>> pf - as firewall, kernel compiled with:
>>> device pf
>>> device pflog
>>> options ALTQ
>>> options ALTQ_CBQ
>>> options ALTQ_RED
>>> options ALTQ_RIO
>>> options ALTQ_HFSC
>>> options ALTQ_CDNR
>>> options ALTQ_PRIQ
>>> options ALTQ_NOPCC
>>>
>>> my pf.conf:
>>> =======start of pf.conf ====================
>>> # macros
>>> # internal interface
>>> int_if = "fxp0"
>>>
>>> ext_if = "{ fxp1, fxp2 }"
>>>
>>> # interface to isp1 and isp2
>>> ext_if1 = "fxp1"
>>> ext_if2 = "fxp2"
>>>
>>> #gateway for isp1 and isp2
>>> ext_gw1 = "xxx.xxx.xxx.129"
>>> ext_gw2 = "xxx.xxx.xxx.3"
>>>
>>> # ftp ports
>>> ftp_serv = "{ 21, 2121, 50000:50100 }"
>>>
>>> icmp_types = "{ echoreq }"
>>> priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
>>> 10.0.0.0/8 }"
>>> ftp_allowed_ip = "{ xxx.xxx.xxx.xxx }"
>>>
>>> # options
>>> set block-policy drop
>>> #set loginterface $ext_if
>>>
>>> # scrub
>>> scrub in all
>>> # nat
>>> nat on $ext_if1 inet from $int_if:network to any -> ($ext_if1)
>>> nat on $ext_if2 inet from $int_if:network to any -> ($ext_if2)
>>>
>>> # filter rules
>>> block all
>>> block in quick on $ext_if inet proto udp from any port 137:139 \
>>> to any port 137:139
>>> block log on $ext_if all
>>>
>>> pass quick on lo0 all
>>>
>>> block in quick on $ext_if from $priv_nets to any
>>> block out quick on $ext_if from any to $priv_nets
>>>
>>> pass out on $ext_if1 inet from $ext_if1 to any
>>> pass out on $ext_if2 inet from $ext_if2 to any
>>> pass out route-to ($ext_if2 $ext_gw2) inet from ($ext_if2) keep state
>>> pass out route-to ($ext_if1 $ext_gw1) inet from ($ext_if1) keep state
>>>
>>> # icmp rules
>>> pass in quick on $ext_if1 reply-to ( $ext_if1 $ext_gw1 ) inet \
>>> proto icmp from any to $ext_if1 icmp-type $icmp_types keep state
>>> pass in quick on $ext_if2 reply-to ( $ext_if2 $ext_gw2 ) inet \
>>> proto icmp from any to $ext_if2 icmp-type $icmp_types keep state
>>> pass out quick inet proto icmp all keep state
>>>
>>> # for local network out
>>> pass in on $int_if from $int_if:network to any keep state
>>> pass out on $int_if from any to $int_if:network keep state
>>>
>>> #ftp service
>>> pass in on $ext_if1 reply-to ( $ext_if1 $ext_gw1 ) inet \
>>> proto tcp from $ftp_allowed_ip to ($ext_if1) \
>>> port $ftp_serv flags S/SA keep state
>>>
>>> pass in on $ext_if2 reply-to ( $ext_if2 $ext_gw2 ) inet \
>>> proto tcp from $ftp_allowed_ip to ($ext_if2) \
>>> port $ftp_serv flags S/SA keep state
>>>
>>> pass out quick on $ext_if proto tcp all modulate state flags S/SA
>>> pass out quick on $ext_if proto { udp, icmp } all keep state
>>>
>>> =======-end of pf.conf ====================
>>>
>>> If I replace rule
>>> pass in on $ext_if1 reply-to ( $ext_if1 $ext_gw1 ) inet \
>>> proto tcp from $ftp_allowed_ip to ($ext_if1) \
>>> port $ftp_serv flags S/SA keep state
>>>
>>> to
>>> pass in on $ext_if1 inet \
>>> proto tcp from $ftp_allowed_ip to ($ext_if1) \
>>> port $ftp_serv flags S/SA keep state
>>>
>>> then ftp-server accessible from ISP1, but from ISP2 - no.
>>>
>>>
>
>

--
TJU13-ARIN
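
The vsftpd log and the `ftp_serv` macro quoted in the message above can be cross-checked mechanically. The following Python script is an added example, not part of the thread: it computes the data port announced in each `227 Entering Passive Mode` reply and tests it against a pf port list. The function names and the second and third sample log lines are constructed for illustration; only plain ports and `a:b` ranges are parsed.

```python
import re

# Server reply to PASV: six comma-separated fields h1,h2,h3,h4,p1,p2.
# The data port the client must reach is p1*256 + p2 (RFC 959).
PASV_RE = re.compile(r"227 Entering Passive Mode\s*\(([^)]*)\)")


def parse_pf_ports(spec):
    """Turn a pf port list such as '{ 21, 2121, 50000:50100 }' into
    inclusive (low, high) tuples. Assumption: only plain ports and a:b
    ranges appear; pf's other operators and named ports are not handled."""
    ranges = []
    cleaned = spec.replace("{", " ").replace("}", " ").replace(",", " ")
    for item in cleaned.split():
        low_s, sep, high_s = item.partition(":")
        low = int(low_s)
        high = int(high_s) if sep else low
        if not 0 < low <= high <= 65535:
            raise ValueError("bad port item: %r" % item)
        ranges.append((low, high))
    return ranges


def pasv_port(line):
    """Return the data port announced in a 227 reply, or None when the
    line is not a PASV reply. Address octets may be redacted ('xxx')."""
    match = PASV_RE.search(line)
    if match is None:
        return None
    fields = [f.strip() for f in match.group(1).split(",")]
    if len(fields) != 6:
        raise ValueError("expected 6 fields in PASV reply: %r" % line)
    p1, p2 = int(fields[4]), int(fields[5])
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError("port bytes out of range: %r" % line)
    return p1 * 256 + p2


def audit_pasv(log_lines, pf_port_spec):
    """Return [(port, allowed)] for every PASV reply found in the log."""
    ranges = parse_pf_ports(pf_port_spec)
    results = []
    for line in log_lines:
        port = pasv_port(line)
        if port is not None:
            allowed = any(lo <= port <= hi for lo, hi in ranges)
            results.append((port, allowed))
    return results


# ftp_serv macro as posted in the thread's pf.conf.
FTP_SERV = "{ 21, 2121, 50000:50100 }"

# Line 1: the 227 reply from the thread's log with the mail wrapping undone.
# Lines 2 and 3: constructed samples (a port outside the range, a non-reply).
SAMPLE_LOG = [
    'Thu Oct 21 16:16:36 2010 [pid 92431] [ftpusr] FTP response: Client '
    '"ip_was_replaced", "227 Entering Passive Mode (xxx,xxx,xxx,136,195,80)."',
    'Thu Oct 21 16:20:00 2010 [pid 92440] [ftpusr] FTP response: Client '
    '"ip_was_replaced", "227 Entering Passive Mode (10,0,0,1,200,10)."',
    'Thu Oct 21 16:20:01 2010 [pid 92440] [ftpusr] FTP command: Client '
    '"ip_was_replaced", "PASV"',
]

if __name__ == "__main__":
    for port, allowed in audit_pasv(SAMPLE_LOG, FTP_SERV):
        verdict = "inside" if allowed else "OUTSIDE"
        print("data port %d is %s %s" % (port, verdict, FTP_SERV))
```

For the reply in the posted log the announced data port is 50000, which lies inside the `50000:50100` range of `ftp_serv`, so the passive range in the ruleset matches what vsftpd announced.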