From owner-freebsd-pf@freebsd.org Sun Oct 28 05:33:48 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3839310E3F93 for ; Sun, 28 Oct 2018 05:33:48 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id C8CC270A2E for ; Sun, 28 Oct 2018 05:33:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 8DF7910E3F92; Sun, 28 Oct 2018 05:33:47 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7CA8510E3F91 for ; Sun, 28 Oct 2018 05:33:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1674D70A2B for ; Sun, 28 Oct 2018 05:33:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 5DC8B17AAE for ; Sun, 28 Oct 2018 05:33:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9S5XkoY030463 for ; Sun, 28 Oct 2018 05:33:46 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9S5XkFd030462 for pf@FreeBSD.org; Sun, 28 Oct 2018 05:33:46 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 201695] [PATCH] pf.conf syntax (interface:0) incorrectly results in IPv6 link-local address Date: Sun, 28 Oct 2018 05:33:46 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Oct 2018 05:33:48 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201695 --- Comment #2 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Sun Oct 28 05:32:51 UTC 2018 New revision: 339835 URL: https://svnweb.freebsd.org/changeset/base/339835 Log: pf: Make ':0' ignore link-local v6 addresses too When users mark an interface to not use aliases they likely also don't want to use the link-local v6 address there. PR: 201695 Submitted by: Russell Yount Differential Revision: https://reviews.freebsd.org/D17633 Changes: head/sbin/pfctl/pfctl_parser.c head/share/man/man5/pf.conf.5 head/sys/netpfil/pf/pf_if.c --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Oct 28 05:40:09 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D61A10E80AD for ; Sun, 28 Oct 2018 05:40:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1AA4C70B62 for ; Sun, 28 Oct 2018 05:40:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id D069610E80AC; Sun, 28 Oct 2018 05:40:08 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BD59F10E80AB for ; Sun, 28 Oct 2018 05:40:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D71E70B60 for ; Sun, 28 Oct 2018 05:40:08 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 7CF4017ABC for ; Sun, 28 Oct 2018 05:40:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9S5e7CT036695 for ; Sun, 28 Oct 2018 05:40:07 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9S5e7Pg036694 for pf@FreeBSD.org; Sun, 28 Oct 2018 05:40:07 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 201695] [PATCH] pf.conf syntax (interface:0) incorrectly results in IPv6 link-local address Date: Sun, 28 Oct 2018 05:40:07 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: kp@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: FIXED X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Oct 2018 05:40:09 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201695 Kristof Provost changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed Resolution|--- |FIXED --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Oct 28 05:59:28 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C27DF10E864B for ; Sun, 28 Oct 2018 05:59:28 +0000 (UTC) (envelope-from daemon-user@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5F904714E3 for ; Sun, 28 Oct 2018 05:59:28 +0000 (UTC) (envelope-from daemon-user@freebsd.org) Received: from reviews.nyi.freebsd.org (reviews.nyi.freebsd.org [IPv6:2610:1c1:1:607c::16:b]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 33E801B595 for ; Sun, 28 Oct 2018 05:59:28 +0000 (UTC) (envelope-from daemon-user@freebsd.org) Received: by reviews.nyi.freebsd.org (Postfix, from userid 1346) id 24AEA1BF9CE; Sun, 28 Oct 2018 05:59:28 +0000 (UTC) Date: Sun, 28 Oct 2018 05:59:28 +0000 To: freebsd-pf@freebsd.org From: "kristof (Kristof Provost)" Reply-to: D1309+331+c1334996320fd57d@reviews.freebsd.org Subject: [Differential] D1309: VIMAGE PF fixes #1 Message-ID: X-Priority: 3 X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: , , X-Herald-Rules: none, <78>, <81>, <103> X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-To: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: X-Phabricator-Cc: Precedence: bulk Thread-Topic: PHID-DREV-s3ozye4th7n7swlll3te X-Phabricator-Mail-ID: 1251696 X-Phabricator-Send-Attempt: xdmaufbnajn466ew In-Reply-To: References: Thread-Index: NzA2ZjJlODRkOGZmNmYwM2M1MmQ1N2YzYTJkIFvVUEA= X-Phabricator-Stamps: actor(@kristof) application(Differential) author(@rodrigc) herald(H78) herald(H81) herald(H103) monogram(D1309) object-type(DREV) phid(PHID-DREV-s3ozye4th7n7swlll3te) reviewer(#network) reviewer(@bz) reviewer(@glebius) reviewer(@gnn) reviewer(@trociny) reviewer(@zec) revision-status(published) subscriber(@ae) subscriber(@emaste) subscriber(@farrokhi) subscriber(@freebsd-net-list) subscriber(@freebsd-pf-list) subscriber(@freebsd-virtualization-list) subscriber(@kristof) subscriber(@robak) via(web) MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Oct 2018 05:59:28 -0000 a3Jpc3RvZiBjbG9zZWQgdGhpcyByZXZpc2lvbi4Ka3Jpc3RvZiBhZGRlZCBhIGNvbW1lbnQuCkhl cmFsZCBhZGRlZCBzdWJzY3JpYmVyczogZmFycm9raGksIGFlLgoKCiAgQXNzb3J0ZWQgcGYgVklN QUdFIGZpeGVzIGhhdmUgYmVlbiBkb25lLCBhbmQgcGYgaXMgbm93IHVzYWJsZSBpbnNpZGUgVklN QUdFIGphaWxzLgoKQ0hBTkdFUyBTSU5DRSBMQVNUIEFDVElPTgogIGh0dHBzOi8vcmV2aWV3cy5m cmVlYnNkLm9yZy9EMTMwOS9uZXcvCgpSRVZJU0lPTiBERVRBSUwKICBodHRwczovL3Jldmlld3Mu ZnJlZWJzZC5vcmcvRDEzMDkKCkVNQUlMIFBSRUZFUkVOQ0VTCiAgaHR0cHM6Ly9yZXZpZXdzLmZy ZWVic2Qub3JnL3NldHRpbmdzL3BhbmVsL2VtYWlscHJlZmVyZW5jZXMvCgpUbzogcm9kcmlnYywg I25ldHdvcmssIHRyb2NpbnksIGdsZWJpdXMsIGdubiwgYnosIHplYwpDYzogYWUsIGZhcnJva2hp LCBrcmlzdG9mLCByb2JhaywgZW1hc3RlLCBmcmVlYnNkLXZpcnR1YWxpemF0aW9uLWxpc3QsIGZy ZWVic2QtcGYtbGlzdCwgZnJlZWJzZC1uZXQtbGlzdAo= From owner-freebsd-pf@freebsd.org Sun Oct 28 05:37:53 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DC9A210E8055 for ; Sun, 28 Oct 2018 05:37:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 7221370B4A for ; Sun, 28 Oct 2018 05:37:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 3763B10E8054; Sun, 28 Oct 2018 05:37:53 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 263EC10E8053 for ; Sun, 28 Oct 2018 05:37:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A7BD470B47 for ; Sun, 28 Oct 2018 05:37:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id D852417AB5 for ; Sun, 28 Oct 2018 05:37:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9S5bpxU034353 for ; Sun, 28 Oct 2018 05:37:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9S5bpqD034352 for pf@FreeBSD.org; Sun, 28 Oct 2018 05:37:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 201695] [PATCH] pf.conf syntax (interface:0) incorrectly results in IPv6 link-local address Date: Sun, 28 Oct 2018 05:37:51 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@freebsd.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Oct 2018 05:37:54 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201695 --- Comment #3 from commit-hook@freebsd.org --- A commit references this bug: Author: kp Date: Sun Oct 28 05:37:15 UTC 2018 New revision: 339836 URL: https://svnweb.freebsd.org/changeset/base/339836 Log: pf tests: Test ':0' ignoring link-local addresses PR: 201695 Changes: head/tests/sys/netpfil/pf/pass_block.sh --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-pf@freebsd.org Sun Oct 28 21:00:13 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 734A510E0766 for ; Sun, 28 Oct 2018 21:00:13 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 13F8D6FB4B for ; Sun, 28 Oct 2018 21:00:13 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id CCDAD10E0763; Sun, 28 Oct 2018 21:00:12 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BBD9810E0762 for ; Sun, 28 Oct 2018 21:00:12 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6222D6FB47 for ; Sun, 28 Oct 2018 21:00:12 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 92C2C1F9D8 for ; Sun, 28 Oct 2018 21:00:11 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9SL0Bu7060011 for ; Sun, 28 Oct 2018 21:00:11 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9SL0B5n060006 for pf@FreeBSD.org; Sun, 28 Oct 2018 21:00:11 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201810282100.w9SL0B5n060006@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: pf@FreeBSD.org Subject: Problem reports for pf@FreeBSD.org that need special attention Date: Sun, 28 Oct 2018 21:00:11 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Oct 2018 21:00:13 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Wed Oct 31 11:45:39 2018 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7814610D481D for ; Wed, 31 Oct 2018 11:45:39 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: from mail-qt1-x82d.google.com (mail-qt1-x82d.google.com [IPv6:2607:f8b0:4864:20::82d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0C4A270DD4 for ; Wed, 31 Oct 2018 11:45:39 +0000 (UTC) (envelope-from jjasen@gmail.com) Received: by mail-qt1-x82d.google.com with SMTP id v1-v6so13013102qtq.5 for ; Wed, 31 Oct 2018 04:45:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:openpgp:autocrypt:subject:message-id:date:user-agent :mime-version:content-language; bh=YTILJoAjTW8qNEAUpE/loCaw83SXZB607TjYsHiDm9A=; b=XeH/S0QPfgrkhuz1ZS80gkUH2ERKHg8+yM2HSznn7C4k8TdTHQpLtpWKxSXR3XzK+p VgOcvv3Tu+tSbT4EbLxaHnzXqj2uPLuzmseCNa+tp9Vjz9wwIG0r6A5tz/WZYLm7YAD/ gUHGiBXbeOpVQSRxEedVpJXTSIfI9xEXwikjLS8etTr2h99+6Jqny0rL07B4+2uoScaX w76xjHxbchh3QLjHkTQg/ohbNlrdnnOVpfSyY+h9BxM5DCRrQWWMsLlHLxBUW2SF5zBn PBHh/ayZ0vlmNLBqsTKNJY5xShg0SC8+v9mZNYqQh5Jl+SnP6EdSrg9U7eQyeMfMZ50v Okuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:openpgp:autocrypt:subject:message-id :date:user-agent:mime-version:content-language; bh=YTILJoAjTW8qNEAUpE/loCaw83SXZB607TjYsHiDm9A=; b=WAF3kTy3alm3WEIeZYnoGBhDOtynRKnljM+KDh1U7DVTE5dEKJ2igFvQQs2/YLiTb6 O5sXqMmfEVb7i+8uG5R3GYsxDZorcgaom1TFvhlmzCKn/NjcnB+oqxo5yu8ieJ5M86cy Zod8OvHpAfgleqqDEWVuq4L7Q69nZbFHR24w+S2+NZaO6z+u/gL+YpT8sivPR+kfnEjy 8ExsP48pTYumxW/ZU/QvAjZ+VInRvPnnSHCRD3uhPhzHBXFhUWFbasBO+aZ4rf5MVvsn DyerZDfvjKEFMkun6me1seqrGKOHfgLr5h44ybr63aPwHF3GQ8+DpxnQErc/Is/ZS4+y IWGQ== X-Gm-Message-State: AGRZ1gLcIMlBWyvNiXi3ee2osYu4Fl1nFtW9NorbfGCx7FiHOgqN76hc /qYrR29i3Q5tPDoPK5ISmjo9kQ2f X-Google-Smtp-Source: AJdET5emQVGv9vOsOrqdHKEWVzL+Q1BPO2jVB+n0y+qI4iG3dZwL9QhqkhUIz0nNb8BoTcU5GUN8VA== X-Received: by 2002:aed:3445:: with SMTP id w63-v6mr2241165qtd.346.1540986338096; Wed, 31 Oct 2018 04:45:38 -0700 (PDT) Received: from [192.168.1.7] (pool-71-166-47-163.bltmmd.fios.verizon.net. [71.166.47.163]) by smtp.googlemail.com with ESMTPSA id k188-v6sm14252042qkb.3.2018.10.31.04.45.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Oct 2018 04:45:37 -0700 (PDT) To: FreeBSD PF From: John Jasen Openpgp: preference=signencrypt Autocrypt: addr=jjasen@gmail.com; keydata= xsDiBD6teiwRBADgIwslBO2Zcvj4fSulZLBxkGozRwkw75Sp7flp2I7f3Xv2SJNnNdDR2fSP WkJDZKR6897HgTO+ymFUOAbashYC3HWShPwskhpf7IE7kjaCacZ/9J47Hr/ZXpYPfRZXz1rP oX64I3rZRJmZe7mYGwXHrjth5aGGQz8JjOR9hFrBxwCgzeWoGVo6oG+f7U4vqT3WidCNIjME AI2ATIcgh9k6faiY+PQHl/NmzDojhs11jWN+z8cgAxfDtEzEkY+516kaBuG5Z8BKj6RlxH4/ crwx9GB2Uxwx5sS1tjahPVBq1toB7UDVKXq5Azeh9AY1EiAMDJyyUOmYgPvbcWTYZ4h7Khrs x1H2fz2H82btjnVaihwu8/djqpqzBAC3cjQ3mYovFIqHIIf/TWY/XS1c9V1zuYjgd6vDW9qV DFB9u6ZOw7sNfESjC9KlPbSfMigKd3RgYmIDhuNA2iE2evjYj8LioKXzx/rcUgbUD5pikKfg 6KexF88CuLMJYxc4YJUat/OEIYp0tXJyu3E714tfqzzBcmtgbWk2bmgWN80zSm9obiBKYXNl biAobWFpbiBlbWFpbCkgPGpqYXNlbkByZWFsaXR5ZmFpbHVyZS5vcmc+wloEExECABoFCwcK AwQDFQMCAxYCAQIXgAUCTJNrlQIZAQAKCRB8EKIWAeDGRBQpAKCTtcJ4jz50JWsjCOrMG69K 3Fs3VwCgo3kr8SqPP24Xw9W2kM1m4tdZzljOwE0EPq16QhAEAPgfFATG5kmX4yjcOj2bilTD 9lTdvJUCaQ5FdLycGx9sseMMwaWUlsiTv25LyIQUZ3z8ifmtsylmYefEun/bpJw5gCGMfXKm ZuXbA3AqbI3U0SthZmbn2P9CPfuMVDAut+f3FdZzLH1NlAS1kY1u2rxzK1R1SLgb2KnTD2DN BxGDAAMFBACsP6W5kxawClUBQnQgvN46gxLlt0eNM4tVmH5wR2I7WTnh45Dy5jqnC8WOYbRn yDrySnA7ZKStiJBSxNHDKBXniRpRNmWWXoLrITaIyPo8NukKObHKKIP+FupSdg5Uo1C1iJkQ 6iarV4uO3fgCttnAp7/mhs1YswvKHWA3orELFcJGBBgRAgAGBQI+rXpCAAoJEHwQohYB4MZE TG8An1eJgR0d60NGrYUKVvnccUefUaS3AJ919cZDBUSA/t2Da6D0pUG+OCU43w== Subject: NFSv4 connections and pf: BAD state stalling issues? Message-ID: Date: Wed, 31 Oct 2018 07:45:36 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Oct 2018 11:45:39 -0000 We run pf-based firewalls between linux-based servers and linux-clients over NFSv4. Periodically, events we've not pinned down cause the connection to be blocked at the firewall, manifesting as stale NFS mounts on the clients. These blocks were not logged at normal levels in pflog. I need to double check to see if enabling verbose logging has helped. The only way we've found to unblock them is to manually flush the state between the offending clients and the server with pfctl -k server-ip -k client-ip Before flushing the state table, pfctl -x loud will show: kernel: pf: BAD state: TCP in wire: client-ip:priv-port server-ip:2049 stack: - [lo=3D1342594619 high=3D1342782267 win=3D38400 modulator=3D0 wsc= ale=3D11] [lo=3D905052699 high=3D982817819 win=3D733 modulator=3D0 wscale=3D8] 4:4 = S seq=3D4197460108 (4197460108) ack=3D905052699 len=3D0 ackskew=3D0 pkts=3D290647578:883730744 dir=3Din,fwd So, it looks to me like the client lost contact initially, and is attempting to re-establish the connection. Given its recycling the same source port and destination and its a new SYN, this drives pf to declare the state bad and drop it. Any ideas on how to address this? Or where to look for issues? Thanks in advance! -- John Jasen