From owner-freebsd-pf@FreeBSD.ORG Mon Nov 18 11:06:54 2013 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A6CB3A7A for ; Mon, 18 Nov 2013 11:06:54 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 960D9208E for ; Mon, 18 Nov 2013 11:06:54 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rAIB6sdg009148 for ; Mon, 18 Nov 2013 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rAIB6sp7009146 for freebsd-pf@FreeBSD.org; Mon, 18 Nov 2013 11:06:54 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 18 Nov 2013 11:06:54 GMT Message-Id: <201311181106.rAIB6sp7009146@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2013 11:06:54 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/182401 pf [pf] pf state for some IPs reaches 4294967295 suspicou o kern/182350 pf [pf] core dump with packet filter -- pf_overlad_task o kern/179392 pf [pf] [ip6] Incorrect TCP checksums in rdr return packe o kern/177810 pf [pf] traffic dropped by accepting rules is not counted o kern/177808 pf [pf] [patch] route-to rule forwarding traffic inspite o kern/176763 pf [pf] [patch] Removing pf Source entries locks kernel. o kern/176268 pf [pf] [patch] synproxy not working with route-to o kern/173659 pf [pf] PF fatal trap on 9.1 (taskq fatal trap on pf_test o bin/172888 pf [patch] authpf(8) feature enhancement o kern/172648 pf [pf] [ip6]: 'scrub reassemble tcp' breaks IPv6 packet o kern/171733 pf [pf] PF problem with modulate state in [regression] o kern/169630 pf [pf] [patch] pf fragment reassembly of padded (undersi o kern/168952 pf [pf] direction scrub rules don't work o kern/168190 pf [pf] panic when using pf and route-to (maybe: bad frag o kern/166336 pf [pf] kern.securelevel 3 +pf reload o kern/165315 pf [pf] States never cleared in PF with DEVICE_POLLING o kern/164402 pf [pf] pf crashes with a particular set of rules when fi o kern/164271 pf [pf] not working pf nat on FreeBSD 9.0 [regression] o kern/163208 pf [pf] PF state key linking mismatch o kern/160370 pf [pf] Incorrect pfctl check of pf.conf o kern/155736 pf [pf] [altq] borrow from parent queue does not work wit o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o kern/87074 pf [pf] pf does not log dropped packets when max-* statef a kern/86752 pf [pf] pf does not use default timeouts when reloading c o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 57 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Nov 18 16:20:02 2013 Return-Path: Delivered-To: freebsd-pf@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7D79D6F9 for ; Mon, 18 Nov 2013 16:20:02 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 5323A24BE for ; Mon, 18 Nov 2013 16:20:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rAIGK17u084970 for ; Mon, 18 Nov 2013 16:20:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rAIGK1Ve084969; Mon, 18 Nov 2013 16:20:01 GMT (envelope-from gnats) Date: Mon, 18 Nov 2013 16:20:01 GMT Message-Id: <201311181620.rAIGK1Ve084969@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org Cc: From: Kajetan Staszkiewicz Subject: Re: kern/177808: [pf] [patch] route-to rule forwarding traffic inspite of state limit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list Reply-To: Kajetan Staszkiewicz List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2013 16:20:02 -0000 The following reply was made to PR kern/177808; it has been noted by GNATS. From: Kajetan Staszkiewicz To: bug-followup@freebsd.org Cc: Subject: Re: kern/177808: [pf] [patch] route-to rule forwarding traffic inspite of state limit Date: Mon, 18 Nov 2013 17:13:24 +0100 --Boundary-00=_kyjiSwrOkn+usgI Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit The attached patch for FreeBSD 10 does basically the same thing, although in a way that is easier to understand in code as it performs all actions inside pf_test, instead of waiting for pf_check_in to free *m. -- | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --Boundary-00=_kyjiSwrOkn+usgI Content-Type: text/x-patch; charset="UTF-8"; name="drop-traffic-on-state-creation-fail.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="drop-traffic-on-state-creation-fail.patch" # It might happen that a passing rule fails to create a state for example due # to hitting its state limit. A PF_DROP action is set in such case but the rule # already has rt filled in which causes pf_route to be called and the packet # to be forwarded. # # Do not call pf_route at all if action is PF_DROP. # # kajetan.staszkiewicz@innogames.de # Work sponsored by InnoGames GmbH # diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 12d1e9a..59a349d 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6009,6 +6009,10 @@ done: *m0 = NULL; action = PF_PASS; break; + case PF_DROP: + m_freem(*m0); + *m0 = NULL; + break; default: /* pf_route() returns unlocked. */ if (r->rt) { @@ -6382,6 +6386,10 @@ done: *m0 = NULL; action = PF_PASS; break; + case PF_DROP: + m_freem(*m0); + *m0 = NULL; + break; default: /* pf_route6() returns unlocked. */ if (r->rt) { --Boundary-00=_kyjiSwrOkn+usgI-- From owner-freebsd-pf@FreeBSD.ORG Mon Nov 18 17:20:01 2013 Return-Path: Delivered-To: freebsd-pf@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EDB5E76 for ; Mon, 18 Nov 2013 17:20:01 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DAB562933 for ; Mon, 18 Nov 2013 17:20:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rAIHK1Eu097821 for ; Mon, 18 Nov 2013 17:20:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rAIHK1IN097820; Mon, 18 Nov 2013 17:20:01 GMT (envelope-from gnats) Date: Mon, 18 Nov 2013 17:20:01 GMT Message-Id: <201311181720.rAIHK1IN097820@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org Cc: From: Kajetan Staszkiewicz Subject: Re: kern/176763: [pf] [patch] Removing pf Source entries locks kernel. X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list Reply-To: Kajetan Staszkiewicz List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Nov 2013 17:20:02 -0000 The following reply was made to PR kern/176763; it has been noted by GNATS. From: Kajetan Staszkiewicz To: bug-followup@freebsd.org Cc: Subject: Re: kern/176763: [pf] [patch] Removing pf Source entries locks kernel. Date: Mon, 18 Nov 2013 18:12:36 +0100 --Boundary-00=_EqkiSNwqoUJOzB0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit The attached patch is for FreeBSD 10. It adds a new parameter "-c" to pfctl which when killing src_nodes, also kills states linked to the found nodes. -- | pozdrawiam / greetings | powered by Debian, FreeBSD and CentOS | | Kajetan Staszkiewicz | jabber,email: vegeta()tuxpowered net | | Vegeta | www: http://vegeta.tuxpowered.net | `------------------------^---------------------------------------' --Boundary-00=_EqkiSNwqoUJOzB0 Content-Type: text/x-patch; charset="UTF-8"; name="link-states-to-src-nodes.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="link-states-to-src-nodes.patch" # Removing src_nodes causes the list of states to be fully searched through # to find ones linked to the given src_node. With large amount of src_nodes # and states (for example when under a DDoS attack) this operation can take # many seconds to complete. # # Provide a list of states linked to each src_node and use the list to make # the operation faster. Add new parameter "-c" to pfctl which, when # killing src_nodes, also kills states linked to found nodes. # # kajetan.staszkiewicz@innogames.de # Work sponsored by InnoGames GmbH # diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 5c0e7b3..61c5711 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -42,7 +42,8 @@ .Op Fl F Ar modifier .Op Fl f Ar file .Op Fl i Ar interface -.Op Fl K Ar host | network +.Oo Fl K Ar host | network +.Op Fl c Oc .Xo .Oo Fl k .Ar host | network | label | id @@ -189,6 +190,10 @@ as the anchor name: .Bd -literal -offset indent # pfctl -a '*' -sr .Ed +.It Fl c +When removing source tracking entries, remove state entries linked to +them. This option can be only used in conjunction with +.Fl K . .It Fl D Ar macro Ns = Ns Ar value Define .Ar macro diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 90a2bb5..6a2dd90 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -236,7 +236,7 @@ usage(void) fprintf(stderr, "usage: %s [-AdeghmNnOPqRrvz] ", __progname); fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n"); - fprintf(stderr, "\t[-f file] [-i interface] [-K host | network]\n"); + fprintf(stderr, "\t[-f file] [-i interface] [-K host | network [-c]]\n"); fprintf(stderr, "\t[-k host | network | label | id] "); fprintf(stderr, "[-o level] [-p device]\n"); fprintf(stderr, "\t[-s modifier] "); @@ -449,10 +449,10 @@ pfctl_kill_src_nodes(int dev, const char *iface, int opts) struct pfioc_src_node_kill psnk; struct addrinfo *res[2], *resp[2]; struct sockaddr last_src, last_dst; - int killed, sources, dests; + int killed, killed_states, sources, dests; int ret_ga; - killed = sources = dests = 0; + killed = killed_states = sources = dests = 0; memset(&psnk, 0, sizeof(psnk)); memset(&psnk.psnk_src.addr.v.a.mask, 0xff, @@ -462,6 +462,8 @@ pfctl_kill_src_nodes(int dev, const char *iface, int opts) pfctl_addrprefix(src_node_kill[0], &psnk.psnk_src.addr.v.a.mask); + psnk.psnk_kill_linked_states = opts & PF_OPT_KILLLINKEDSTATES; + if ((ret_ga = getaddrinfo(src_node_kill[0], NULL, NULL, &res[0]))) { errx(1, "getaddrinfo: %s", gai_strerror(ret_ga)); /* NOTREACHED */ @@ -529,20 +531,23 @@ pfctl_kill_src_nodes(int dev, const char *iface, int opts) if (ioctl(dev, DIOCKILLSRCNODES, &psnk)) err(1, "DIOCKILLSRCNODES"); killed += psnk.psnk_killed; + killed_states += psnk.psnk_killed_states; } freeaddrinfo(res[1]); } else { if (ioctl(dev, DIOCKILLSRCNODES, &psnk)) err(1, "DIOCKILLSRCNODES"); killed += psnk.psnk_killed; + killed_states += psnk.psnk_killed_states; } } freeaddrinfo(res[0]); if ((opts & PF_OPT_QUIET) == 0) - fprintf(stderr, "killed %d src nodes from %d sources and %d " - "destinations\n", killed, sources, dests); + fprintf(stderr, "killed %d src nodes and %d linked states " + "from %d sources and %d destinations\n", + killed, killed_states, sources, dests); return (0); } @@ -2002,11 +2007,14 @@ main(int argc, char *argv[]) usage(); while ((ch = getopt(argc, argv, - "a:AdD:eqf:F:ghi:k:K:mnNOo:Pp:rRs:t:T:vx:z")) != -1) { + "a:AcdD:eqf:F:ghi:k:K:mnNOo:Pp:rRs:t:T:vx:z")) != -1) { switch (ch) { case 'a': anchoropt = optarg; break; + case 'c': + opts |= PF_OPT_KILLLINKEDSTATES; + break; case 'd': opts |= PF_OPT_DISABLE; mode = O_RDWR; diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h index 4560d66..b272b0b 100644 --- a/sbin/pfctl/pfctl_parser.h +++ b/sbin/pfctl/pfctl_parser.h @@ -51,6 +51,7 @@ #define PF_OPT_NUMERIC 0x1000 #define PF_OPT_MERGE 0x2000 #define PF_OPT_RECURSE 0x4000 +#define PF_OPT_KILLLINKEDSTATES 0x8000 #define PF_TH_ALL 0xFF diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index c16591b..e5395e3 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -697,6 +697,7 @@ struct pf_threshold { struct pf_src_node { LIST_ENTRY(pf_src_node) entry; + TAILQ_HEAD(, pf_state) state_list; struct pf_addr addr; struct pf_addr raddr; union pf_rule_ptr rule; @@ -787,6 +788,7 @@ struct pf_state { TAILQ_ENTRY(pf_state) sync_list; TAILQ_ENTRY(pf_state) key_list[2]; LIST_ENTRY(pf_state) entry; + TAILQ_ENTRY(pf_state) srcnode_link; struct pf_state_peer src; struct pf_state_peer dst; union pf_rule_ptr rule; @@ -1445,6 +1447,8 @@ struct pfioc_src_node_kill { struct pf_rule_addr psnk_src; struct pf_rule_addr psnk_dst; u_int psnk_killed; + u_int psnk_killed_states; + u_int psnk_kill_linked_states; }; struct pfioc_state_kill { diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 2de8c40..9da73c5 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -652,6 +652,8 @@ pf_insert_src_node(struct pf_src_node **sn, struct pf_rule *rule, rule->max_src_conn_rate.limit, rule->max_src_conn_rate.seconds); + TAILQ_INIT(&(*sn)->state_list); + (*sn)->af = af; (*sn)->rule.ptr = rule; PF_ACPY(&(*sn)->addr, src, af); @@ -1482,6 +1484,7 @@ static void pf_src_tree_remove_state(struct pf_state *s) { u_int32_t timeout; + struct pf_srchash *sh = NULL; if (s->src_node != NULL) { if (s->src.tcp_est) @@ -1493,6 +1496,12 @@ pf_src_tree_remove_state(struct pf_state *s) V_pf_default_rule.timeout[PFTM_SRC_NODE]; s->src_node->expire = time_uptime + timeout; } + sh = &V_pf_srchash[pf_hashsrc(&s->src_node->addr, s->src_node->af)]; + PF_HASHROW_LOCK(sh); + if (!TAILQ_EMPTY(&s->src_node->state_list)) + TAILQ_REMOVE(&s->src_node->state_list, s, srcnode_link); + PF_HASHROW_UNLOCK(sh); + } if (s->nat_src_node != s->src_node && s->nat_src_node != NULL) { if (--s->nat_src_node->states <= 0) { @@ -1502,6 +1511,11 @@ pf_src_tree_remove_state(struct pf_state *s) V_pf_default_rule.timeout[PFTM_SRC_NODE]; s->nat_src_node->expire = time_uptime + timeout; } + sh = &V_pf_srchash[pf_hashsrc(&s->nat_src_node->addr, s->nat_src_node->af)]; + PF_HASHROW_LOCK(sh); + if (!TAILQ_EMPTY(&s->nat_src_node->state_list)) + TAILQ_REMOVE(&s->nat_src_node->state_list, s, srcnode_link); + PF_HASHROW_UNLOCK(sh); } s->src_node = s->nat_src_node = NULL; } @@ -3407,6 +3421,7 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a, int tag, u_int16_t bproto_sum, u_int16_t bip_sum, int hdrlen) { struct pf_state *s = NULL; + struct pf_srchash *sh = NULL; struct pf_src_node *sn = NULL; struct tcphdr *th = pd->hdr.tcp; u_int16_t mss = V_tcp_mssdflt; @@ -3505,14 +3520,22 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a, s->expire = time_uptime; if (sn != NULL) { + sh = &V_pf_srchash[pf_hashsrc(&sn->addr, sn->af)]; + PF_HASHROW_LOCK(sh); s->src_node = sn; s->src_node->states++; + TAILQ_INSERT_HEAD(&sn->state_list, s, srcnode_link); + PF_HASHROW_UNLOCK(sh); } if (nsn != NULL) { /* XXX We only modify one side for now. */ + sh = &V_pf_srchash[pf_hashsrc(&nsn->addr, nsn->af)]; + PF_HASHROW_LOCK(sh); PF_ACPY(&nsn->raddr, &nk->addr[1], pd->af); s->nat_src_node = nsn; s->nat_src_node->states++; + TAILQ_INSERT_HEAD(&nsn->state_list, s, srcnode_link); + PF_HASHROW_UNLOCK(sh); } if (pd->proto == IPPROTO_TCP) { if ((pd->flags & PFDESC_TCP_NORM) && pf_normalize_tcp_init(m, diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 2b0f2cd..0267ef0 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -150,7 +150,8 @@ struct cdev *pf_dev; */ static void pf_clear_states(void); static int pf_clear_tables(void); -static void pf_clear_srcnodes(struct pf_src_node *); +static u_int32_t pf_clear_srcnodes(struct pf_src_node *, + int kill_states); static void pf_tbladdr_copyout(struct pf_addr_wrap *); /* @@ -3134,7 +3135,7 @@ DIOCCHANGEADDR_error: case DIOCCLRSRCNODES: { - pf_clear_srcnodes(NULL); + pf_clear_srcnodes(NULL, 0); pf_purge_expired_src_nodes(); V_pf_status.src_nodes = 0; break; @@ -3145,7 +3146,7 @@ DIOCCHANGEADDR_error: (struct pfioc_src_node_kill *)addr; struct pf_srchash *sh; struct pf_src_node *sn; - u_int i, killed = 0; + u_int i, killed = 0, killed_states = 0; for (i = 0, sh = V_pf_srchash; i < V_pf_srchashmask; i++, sh++) { @@ -3166,7 +3167,7 @@ DIOCCHANGEADDR_error: &sn->raddr, sn->af)) { /* Handle state to src_node linkage */ if (sn->states != 0) - pf_clear_srcnodes(sn); + killed_states += pf_clear_srcnodes(sn, psnk->psnk_kill_linked_states); sn->expire = 1; killed++; } @@ -3177,6 +3178,7 @@ DIOCCHANGEADDR_error: pf_purge_expired_src_nodes(); psnk->psnk_killed = killed; + psnk->psnk_killed_states = killed_states; break; } @@ -3360,24 +3362,12 @@ pf_clear_tables(void) return (error); } -static void -pf_clear_srcnodes(struct pf_src_node *n) +static u_int32_t +pf_clear_srcnodes(struct pf_src_node *n, int kill_states) { struct pf_state *s; int i; - - for (i = 0; i <= V_pf_hashmask; i++) { - struct pf_idhash *ih = &V_pf_idhash[i]; - - PF_HASHROW_LOCK(ih); - LIST_FOREACH(s, &ih->states, entry) { - if (n == NULL || n == s->src_node) - s->src_node = NULL; - if (n == NULL || n == s->nat_src_node) - s->nat_src_node = NULL; - } - PF_HASHROW_UNLOCK(ih); - } + int killed_states = 0; if (n == NULL) { struct pf_srchash *sh; @@ -3386,6 +3376,19 @@ pf_clear_srcnodes(struct pf_src_node *n) i++, sh++) { PF_HASHROW_LOCK(sh); LIST_FOREACH(n, &sh->nodes, entry) { + while (!TAILQ_EMPTY(&n->state_list)) { + s = TAILQ_FIRST(&n->state_list); + if (kill_states) { + pf_unlink_state(s, 0); + killed_states++; + } else { + PF_STATE_LOCK(s); + TAILQ_REMOVE(&n->state_list, s, srcnode_link); + s->src_node = NULL; + s->nat_src_node = NULL; + PF_STATE_UNLOCK(s); + } + } n->expire = 1; n->states = 0; } @@ -3393,9 +3396,24 @@ pf_clear_srcnodes(struct pf_src_node *n) } } else { /* XXX: hash slot should already be locked here. */ + while (!TAILQ_EMPTY(&n->state_list)) { + s = TAILQ_FIRST(&n->state_list); + if (kill_states) { + pf_unlink_state(s, 0); + killed_states++; + } else { + PF_STATE_LOCK(s); + TAILQ_REMOVE(&n->state_list, s, srcnode_link); + s->src_node = NULL; + s->nat_src_node = NULL; + PF_STATE_UNLOCK(s); + } + } n->expire = 1; n->states = 0; } + + return killed_states; } /* * XXX - Check for version missmatch!!! @@ -3459,7 +3477,7 @@ shutdown_pf(void) pf_clear_states(); - pf_clear_srcnodes(NULL); + pf_clear_srcnodes(NULL, 0); /* status does not use malloced mem so no need to cleanup */ /* fingerprints and interfaces have thier own cleanup code */ --Boundary-00=_EqkiSNwqoUJOzB0-- From owner-freebsd-pf@FreeBSD.ORG Tue Nov 19 17:56:02 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 837F79D6 for ; Tue, 19 Nov 2013 17:56:02 +0000 (UTC) Received: from r87-m4.fanbridge.com (r87-m4.fanbridge.com [208.101.11.87]) by mx1.freebsd.org (Postfix) with ESMTP id 4F4712098 for ; Tue, 19 Nov 2013 17:56:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=p04; d=fanbridge.com; h=From:To:Subject:Message-ID:List-Unsubscribe:Sender:Date:Content-Type:MIME-Version; i=noreply-collection-492702@fanbridge.com; bh=yjYdN/AmARLPAvWkeWnZ6MZ1aAw=; b=gOcmi1iR5YQ/qZUv/OSInkq1IGKTwdsuqR0EXrNF5QuorM36hsLsX5qdXExf2onU5pyo5VpNgTcw b8+YyWda3mRla3eqk4A0Whoie+4VGmX1z9hojvuumPSiBFLCWMmqb3oFc7yzPrJqi49Vsby/vk5y XPENRvUT+dLQdD+NbJk= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=p04; d=fanbridge.com; b=qgXHbtKxV27Ir/6od/L4L99Di/IpUJROGhb7lBkc5F+RAtJyXpmoFE9j3TwxcZKTzoHO5oV2T/Gg /IJzJc3MF6//y397dpdKpeCNy5dhAqh7oZt2NjfQ/yKE25FPL7tOhzrpxPf5lCWdaHkYAK45OqgZ OcJsTqKEE3MtXcG3FTE=; Received: from 127.0.0.1 (74.86.115.74) by r87-m4.fanbridge.com id hhej341lrc0p for ; Tue, 19 Nov 2013 12:55:55 -0500 (envelope-from <176374752-63980-94654-socialdigest@bounces.fanbridge.com>) From: "ZOO LIFE ENT." To: freebsd-pf@freebsd.org Subject: =?utf-8?Q?ZOO=20LIFE=20ENT.:=20Read=20The=20Latest=20Digest?= Message-ID: X-fbridge-collection: collection-492702 X-fbridge-sid: 176374752 X-fbridge-cfc: P91er2YdbBeth9e61b5khaYY61 X-fbridge-uid: 63980 X-fbridge-sdrid: 94654 X-fbridge-feature: socialdigest X-fbridge-cluster: martini X-Report-Abuse: Please report abuse here: http://www.fanbridge.com/contact.php?report_abuse Sender: FanBridge Date: Tue, 19 Nov 2013 12:55:55 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.16 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Nov 2013 17:56:02 -0000 =20 =09=09Email not displaying correctly? View it in your browser. [1] ZOO LIFE ENT.=20 Social Digest for the week of November 18, 2013 Follow Me: [2] [3] [4] [5] =20 WELCOME TO THIS WEEKS SOCIAL DIGEST! BELOW YOULL FIND A RECAP OF SOME =09 great things that happened over the past week. If you like what you read, just click on it and reply, comment, post or let us know what you think! Thanks for your support. =20 See something you think is hot? Share it with your friends by clicking on the fire icon =09=09 =09=09 [6] =09=09 [7] =20 =09=09Featured Sponsor =09=09 [8] =09=09 [9] =20 =09 How you a ganbanger with paid armored body guardz TO SNITCH CARRYING THE STRAP.. U REALLY JUST A BUSTA WIT A TARGET ON YA BACK =20 =09=09 _1 retweet_ [10]=20 =09=09 [11]=20 =09=09via Twitter [12] on 11.18.13 =09=09 [13] =09 "@zayy4hunnid: @40GLOCC watts poppinn." -WHAT THAT SH!T ZOO! =20 =09=09 _1 retweet_ [14]=20 =09=09 [15]=20 =09=09via Twitter [16] on 11.18.13 =09=09 [17] =09DONT NEED NO WORDZ MY PICZ SPEAK FOR ME.. IM OUT GETTTING BREAD.. THE JEWELZ IS MUSTARD.. U FOOLZ BETTA KETCHUP! #ZOOLIFE #ZOOGANG #40GLOCC #YONJU #FITNESS #GYM #WORKOUT #MUSIC #GUNIT #CANADA #ROBFORD =20 =09=09 [18]=20 =09=09 [19]=20 =09=09 via Instagram [20] on 11.18.13=20 =09=09 [21] =09=09 [26] =20 =09=09 [28]=20 =09=09 [29]=20 =09=09VIA INSTAGRAM [30] ON 11.14.13 =09=09 [31] =09@locielocc ME border-bottom: none">=20 =09 DONT NEED NO WORDZ MY PICZ SPEAK FOR ME.. IM OUT GETTTING BREAD.. THE JEWELZ IS MUSTARD.. U FOOLZ…=20 http://t.co/YezX2MrCfg [45] =20 =09=09 [46]=20 =09=09via Twitter [47] on 11.18.13 =09=09 [48] =09 Hit me on snap chat.. my user name is yonju =20 =09=09 [49]=20 =09=09via Twitter [50] on 11.16.13 =09=09 [51] =09WHY POP MOLLY WHEN U CAN SMOKE CRACK WITH "MAYOR ROB FORD" LOL.. THIS FOOL SAID HE DOD NOT SMOKE CRACK AGAIN IN THE BUILDING.. LOL..HE HAD THE WHOLE CITY COUNCIL BUILDING LAUGHING.. HE DONT GIVE A PHUCK!! LOL @jennasheagetspaid=20 LOL!.. IM BOUT TO FIND THE 1 WHERE HE ARGUEING WIT THE BLACK DUDE AND ASKED IF HE BEEN IN THAT CRACK HOUSE!!.. LOL #40GLOCC #ROBFORD #YONJU #canada #ZOOGANG... =20 =09=09 [52]=20 =09=09 [53]=20 =09=09 via Instagram [54] on 11.14.13=20 =09=09 [55] =09=09 [56] =20 =09 Leggo "@thaboy12: @40GLOCC Whats Good Bro You Down For In Hawaii With The Host @lil_justen On @258Mafia... =20 =09=09 _2 retweets_ [57]=20 =09=09 [58]=20 =09=09via Twitter [59] on 11.14.13 =09=09 [60] =09 I DONT POP MOLLY... ALL I SMOKE IS CRACK... CALL IT "ROB FORD" (JAY-Z VOICE).. LOL.. ROB FORD FOR… ... =20 =09=09 _1 retweet_ [61]=20 =09=09 [62]=20 =09=09via Twitter [63] on 11.14.13 =09=09 [64] =09I DONT POP MOLLY... ALL I SMOKE IS CRACK... CALL IT "ROB FORD" (JAY-Z VOICE).. LOL.. ROB FORD FOR PRESIDENT!!.. THAT FOOL EXCUSE IS.. HEY O WELL I FUCKED UP.. SO WHAT.. LOL!!.. #40GLOCC #ZOOLIFE #ZOOGANG #YONJU #POLITICS #ROBFORD #CANADA =20 =09=09 [65]=20 =09=09 [66]=20 =09=09 via Instagram [67] on 11.14.13=20 =09=09 [68] =09 WHY POP MOLLY WHEN U CAN SMOKE CRACK WITH "MAYOR ROB FORD" LOL.. THIS FOOL SAID HE DOD NOT SMOKE CRACK… ... =20 =09=09 [69]=20 =09=09via Twitter [70] on 11.14.13 =09=09 [71] =09 ROB FORD IS A BRAST!!.. HE SAID IF U HAVENT BEEN IN THE CRACLHOUSE WITH HIM.. THEN DONT 5RY TO TELL…=20 http://t.co/mlueAV0p2u [72] =20 =09=09 [73]=20 =09=09via Twitter [74] on 11.14.13 =09=09 [75] =09I HEARD I SOLD MY SOUL.. IM A PART OF Illuminati.. IMA PUNK..I LOST MY STREET CRED.. LOL.. IMA SNITCH.. IM SCARY.. IMA NOBODY.. IM NOT A CELEBRITY..IM NOT A GANGSTA.. IM FAKE.. MY LIFE FAKE.. ETC.. "HATER RUMORS WILL ALWAYS MAKE IT SEEM LIKE THEY KNOW MORE ABOUT U THEN YOU KNOW ABOUT YOURSELF".. DO WHAT THOU WILT"..IM ON MY SQUARE BITCH.. ILLUMINATI UP IN THIS BIATCH!..... =20 =09=09 [76]=20 =09=09 [77]=20 =09=09 via Instagram [78] on 11.13.13=20 =09=09 [79] =09 TAKE A LOOK AT THE BAD GUY... #FUCKYOUPAYME #SHOWMETHEMONEY #40GLOCC #YONJU #ZOOGANG #ZOOLIFE #MUSIC… ... =20 =09=09 [80]=20 =09=09via Twitter [81] on 11.06.13 =09=09 [82] =09 SUPPORT MY LOC FUNCTION.. WE WILL BE IN THE BUILDING.. #ZOOLIFE #40GLOCC #YONJU #ZOOGANG >>>Lets see… ... =20 =09=09 [83]=20 =09=09via Twitter [84] on 11.06.13 =09=09 [85] =09#ZOOLIFE ..(BROUGHT MY HOMIEZ @LOCIELOCC & @TYAMAC) WITH ME ON THE RED CARPET TO SOULTRAIN AWARDS.. GET USED 2 THEM FOLLOW THEM.. WATCH THE MOVEMENT OF (STARS IN THE MAKING) IM Independent border-bottom: none" colspan=3D"5">=20 =09LIVE AND DIRECT... I HEARD I WAS BLACK BALLED??.. BITCH MY BALLS IS BLACK .. I WAS BORN BLACK.. BORN A HAVE NOT.. U CANT BLACK BALL A REAL.NIGGA LIKE ME.. #AGAINSTALLODDS #SOULTRAINAWARDS #40GLOCC #YONJU #MUSIC #MUSCLE #ZOOLIFE #ZOOGANG =20 =09=09 [90]=20 =09=09 [91]=20 =09=09 via Instagram [92] on 11.13.13=20 =09=09 [93] =09I GOT MINE... LOL... DIG THAT!!!...DUMMIES CALL OT KARMA.. I CALL IT A BLESSING!.. $$$$$$$$ #ZOOGANG #ZOOLIFE #40GLOCC #YONJU #MUSIC #FITNESS #GYM =20 =09=09 [94]=20 =09=09 [95]=20 =09=09 via Instagram [96] on 11.12.13=20 =09=09 [97] =09This my view at soultrain.. all access gagnsta shit.. we do what we want go where we want.. say what we want.. #YONJU #40GLOCC #ZOOGANG #ZOOLIFE #FITNESS #MUSIC #GYM =20 =09=09 [98]=20 =09=09 [99]=20 =09=09 via Instagram [100] on 11.12.13=20 =09=09 [101] =09ME AND THE HOMIES @joejudah color:#ACACAC;line-height:18px;" width=3D"478"> ZOO LIFE ENT. sent this message to freebsd-pf@freebsd.= org Questions? Contact ZOO LIFE ENT.=20 c/o FanBridge, Inc. - 14525 SW Millikan Way #16910 Beaverton Oregon 97005 United States Powered by: [109] =20 =20 ------ [1][6] http://40GLOCC.fanbridge.com/socialdigest/show.php?sdrid=3D94654&sid=3D1= 76374752 [2] http://facebook.com/125820717478711 [3] http://instagram.com/40glocc [4] https://www.youtube.com/subscription_center?add_user_id=3DRwe0GCrUNFehlS= gGLcy7AQ [5][11][12][15][16][23][24][33][34][38][39][46][47][49][50][58][59][62][= 63][69][70][73][74][80][81][83][84] http://twitter.com/ [7][8] https://www.spotify.com/?utm_source=3Dspotify_webplayer&utm_medium=3Dmkt= _consumer&utm_campaign=3Dacquisition_magnacarta_email_us&utm_content=3Du= s500616&utm_term=3Demail [9][56] https://play.spotify.com/album/0OTjYdGtP7AbwOwbYsGhyi?utm_source=3Dspoti= fy_webplayer&utm_medium=3Dmkt_consumer&utm_campaign=3Dacquisition_magnac= arta_email_us&utm_content=3Dus500614&utm_term=3Demail [10][13] https://twitter.com/#!//status/402352440718000128 [14][17] https://twitter.com/#!//status/402352791013715968 [18][21] http://instagram.com/p/g2wJpLFHTh/ [19][20][42][43][53][54][66][67][77][78][87][88][91][92][95][96][99][100= ][103][104] http://40GLOCC.fanbridge.com [22] https://twitter.com/#!//status/401605178731663361 [25] HTTPS://TWITTER.COM/#!//STATUS/401605178731663361 [26][27] HTTPS://PLAY.SPOTIFY.COM/ALBUM/37UQAKT9DLSLOB7YOMDWY4?UTM_SOURCE=3DSPOTI= FY_WEBPLAYER&UTM_MEDIUM=3DMKT_CONSUMER&UTM_CAMPAIGN=3DACQUISITION_MAGNAC= ARTA_EMAIL_US&UTM_CONTENT=3DUS500615&UTM_TERM=3DEMAIL [28] HTTP://INSTAGRAM.COM/P/GTMDMHFHCX/ [29][30] HTTP://40GLOCC.FANBRIDGE.COM [31] http://instagram.com/p/gtmDmhFHcX/ [32][35] https://twitter.com/#!//status/401866288277897216 [36] http://t.co/XCBDcLKeuG [37][40] https://twitter.com/#!//status/401664958288506880 [41][44] http://instagram.com/p/gsgkdNFHcw/ [45] http://t.co/YezX2MrCfg [48] https://twitter.com/#!//status/402409604438851584 [51] https://twitter.com/#!//status/401853861297532929 [52][55] http://instagram.com/p/gsE_7MFHZy/ [57][60] https://twitter.com/#!//status/401134816873029632 [61][64] https://twitter.com/#!//status/400878386874425344 [65][68] http://instagram.com/p/gr3oNvFHR0/ [71] https://twitter.com/#!//status/400907754984206337 [72] http://t.co/mlueAV0p2u [75] https://twitter.com/#!//status/401121568769966080 [76][79] http://instagram.com/p/grSUenlHY2/ [82] https://twitter.com/#!//status/397922682488238081 [85] https://twitter.com/#!//status/398192589348044800 [86][89] http://instagram.com/p/gq2gsJlHf9/ [90][93] http://instagram.com/p/gpRvOSlHYt/ [94][97] http://instagram.com/p/gpEn1fFHec/ [98][101] http://instagram.com/p/go50IRlHSE/ [102][105] http://instagram.com/p/gou8Q8FHS6/ [106] http://40GLOCC.fanbridge.com/unsubscribe/socialdigest/unsubscribe.php?us= erid=3D63980&sid=3D176374752&confCode=3DP91er2YdbBeth9e61b5khaYY61&sdrid= =3D94654 [107] http://40GLOCC.fanbridge.com/?userid=3D63980&email=3Dfreebsd-pf@freebsd.= org&confCode=3DP91er2YdbBeth9e61b5khaYY61 [108] http://www.fanbridge.com/privacy.php [109] http://www.fanbridge.com/?src=3Dlogo_footer_sd_v4&utm_source=3Dpowered_b= y&utm_medium=3Demail&utm_campaign=3DSocialDigest From owner-freebsd-pf@FreeBSD.ORG Thu Nov 21 10:03:40 2013 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5410F7C5 for ; Thu, 21 Nov 2013 10:03:40 +0000 (UTC) Received: from mail56.mimecast.co.za (mail56.mimecast.co.za [41.74.197.56]) by mx1.freebsd.org (Postfix) with ESMTP id 45192278C for ; Thu, 21 Nov 2013 10:03:38 +0000 (UTC) Received: from gszajnb205.anglo.local (jnbmail6.angloamerican.co.uk [196.38.152.134]) (Using TLS) by mail56.mimecast.co.za; Thu, 21 Nov 2013 11:57:14 +0200 Received: from gszajnb206.anglo.local (10.144.24.206) by jnbmail3.angloamerican.co.uk (172.27.1.9) with Microsoft SMTP Server (TLS) id 8.3.298.1; Thu, 21 Nov 2013 11:57:14 +0200 Received: from GSZAJNB234.anglo.local ([10.144.24.217]) by gszajnb206.anglo.local ([10.144.60.128]) with mapi; Thu, 21 Nov 2013 11:57:13 +0200 From: "Van den Berg, Pieter" To: "freebsd-pf@freebsd.org" Date: Thu, 21 Nov 2013 11:57:12 +0200 Subject: FREEBSD PF, Securing a R150, 000 Personal Loan in 1 Hour is that Easy - Super-Loan.co.za Thread-Topic: FREEBSD PF, Securing a R150, 000 Personal Loan in 1 Hour is that Easy - Super-Loan.co.za Thread-Index: Ac7mn/uweUlvhvDnTrWCyCT9vzR4Aw== Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US X-TM-AS-Product-Ver: SMEX-10.0.0.4238-7.000.1014-20308.004 X-TM-AS-Result: No--4.719000-4.000000-31 X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No MIME-Version: 1.0 X-MC-Unique: 113112111571404802 Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.16 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Nov 2013 10:03:40 -0000 I AM INTERETED IN APPLYING FOR A LOAN Pieter van den Berg Sect. Surveyor Tel: 0147841177 From owner-freebsd-pf@FreeBSD.ORG Fri Nov 22 19:22:48 2013 Return-Path: Delivered-To: freebsd-pf@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8A685646; Fri, 22 Nov 2013 19:22:48 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6092F28F9; Fri, 22 Nov 2013 19:22:48 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id rAMJMmo0088639; Fri, 22 Nov 2013 19:22:48 GMT (envelope-from glebius@freefall.freebsd.org) Received: (from glebius@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id rAMJMlaL088638; Fri, 22 Nov 2013 19:22:47 GMT (envelope-from glebius) Date: Fri, 22 Nov 2013 19:22:47 GMT Message-Id: <201311221922.rAMJMlaL088638@freefall.freebsd.org> To: vegeta@tuxpowered.net, glebius@FreeBSD.org, freebsd-pf@FreeBSD.org, glebius@FreeBSD.org From: glebius@FreeBSD.org Subject: Re: kern/176763: [pf] [patch] Removing pf Source entries locks kernel. X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Nov 2013 19:22:48 -0000 Synopsis: [pf] [patch] Removing pf Source entries locks kernel. State-Changed-From-To: open->patched State-Changed-By: glebius State-Changed-When: Fri Nov 22 19:14:57 UTC 2013 State-Changed-Why: Fixed in head, thanks! Responsible-Changed-From-To: freebsd-pf->glebius Responsible-Changed-By: glebius Responsible-Changed-When: Fri Nov 22 19:14:57 UTC 2013 Responsible-Changed-Why: Fixed in head, thanks! http://www.freebsd.org/cgi/query-pr.cgi?pr=176763