From: bugzilla-noreply@FreeBSD.org
To: pf@FreeBSD.org
Subject: Problem reports for pf@FreeBSD.org that need special attention
Date: Sun, 31 Jan 2021 21:00:53 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |    203735 | Transparent interception of ipv6 with squid and p
Open        |    237973 | pf: implement egress keyword to simplify rules ac

2 problems total for which you should take action.

From: skeletor
Reply-To: skeletor@lissyara.su
To: Kajetan Staszkiewicz, freebsd-pf@freebsd.org
Subject: Re: FreeBSD 12.2 reply-to doesn't work
Date: Mon, 1 Feb 2021 16:48:53 +0200

29.01.2021 20:10, Kajetan Staszkiewicz wrote:
> On 27.01.21 14:24, skeletor wrote:
>
>> Hello.
>> After upgrading FreeBSD from 12.1 to 12.2 "reply-to" stopped working. I
>> have the same on 2 different machines. Both of them had working
>> "reply-to" on 12.1 and stopped working after upgrading to 12.2
>>
>> Packets reply via route map and doesn't consider firewall rules with
>> "reply-to/route-to"
>
> Any chance this is broken only for IPv6 but working for IPv4?
>

I use only IPv4, so I can't check it for IPv6.

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 15:14:35 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 12.2-STABLE
X-Bugzilla-Keywords: regression
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: pf@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |pf@FreeBSD.org
           Keywords|                            |regression

-- 
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 15:31:22 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #2 from skeletor@lissyara.su ---
pass in on $ext_if_1 reply-to ($ext_if_1 $gw_1) inet proto tcp to ($ext_if_1) port { $tcp_svc } tag EXT_IF_A
pass in on $ext_if_1 inet proto tcp from ($ext_if_1:network) to ($ext_if_1) port { $tcp_svc } tag EXT_IF_A
# Lan4ever
pass in on $ext_if_2 reply-to ($ext_if_2 $gw_2) inet proto tcp to ($ext_if_2) port { $tcp_svc } tag EXT_IF_B
pass in on $ext_if_2 inet proto tcp from ($ext_if_2:network) to ($ext_if_2) port { $tcp_svc } tag EXT_IF_B

pass in quick from ($ext_if_1:network) tagged EXT_IF_A keep state
pass in quick reply-to ($ext_if_1 $gw_1) tagged EXT_IF_A keep state
pass in quick from ($ext_if_2:network) tagged EXT_IF_B keep state
pass in quick reply-to ($ext_if_2 $gw_2) tagged EXT_IF_B keep state

pass out route-to ($ext_if_1 $gw_1) inet from ($ext_if_1) keep state
pass out route-to ($ext_if_2 $gw_2) inet from ($ext_if_2) keep state

This rule set is for TCP, but the behaviour is the same for UDP too. When I use
tcpdump, reply packets appear on the interface which points to the default GW.
On FreeBSD 12.1, reply packets appear on the interface they came from.

Do you need more details?

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 15:32:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #3 from Kristof Provost ---
(In reply to skeletor from comment #2)

Yes.
(a) **FULL** rule sets
(b) a description of what happens and what's supposed to happen.

"It's broken" is not an actionable bug report.

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 15:53:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #4 from skeletor@lissyara.su ---
ext_if_2="igb0"
ext_if_1="bge0"
int_if="vlan12"
vlan1920_net="192.168.0.0/24"
lo="lo0"
int_net="10.11.12.0/24"
gw_2="BB.BB.BB.YY"
gw_1="AA.AA.AA.YY"

# services
tcp_svc="ssh, 53, 110,143,993,995,25,465"
udp_svc="53"

#skip iface
set skip on lo0
set block-policy drop
set limit states 300000
set limit frags 300000
set limit src-nodes 300000

# scrub
scrub in on $ext_if_1 all
scrub in on $ext_if_2 all
scrub in on $int_if all fragment reassemble max-mss 1496

# NAT
nat on $ext_if_1 inet from {$int_net} -> $ext_if_1:0
nat on $ext_if_2 inet from {$int_net} -> $ext_if_2:0

########## FIREWALL
block in quick from any os NMAP
block quick on $ext_if_2 proto udp from any to $ext_if_2 port 161
block quick on $ext_if_2 proto tcp from any to $ext_if_2 port { 199, 179 }

pass in
pass quick from to any

#bruteforce
block drop quick from to any label "ssh bruteforce"
block drop quick from any to label "ssh bruteforce"

# ICMP
pass in on $ext_if_1 reply-to ($ext_if_1 $gw_1) inet proto icmp to ($ext_if_1) tag EXT_IF_A icmp-type echoreq code 0
pass in on $ext_if_1 inet proto icmp from ($ext_if_1:network) to ($ext_if_1) icmp-type echoreq code 0
pass in on $ext_if_2 reply-to ($ext_if_2 $gw_2) inet proto icmp to ($ext_if_2) tag EXT_IF_B icmp-type echoreq code 0
pass in on $ext_if_2 inet proto icmp from ($ext_if_2:network) to ($ext_if_2) icmp-type echoreq code 0

# allow tcp ports
pass in on $ext_if_1 reply-to ($ext_if_1 $gw_1) inet proto tcp to ($ext_if_1) port { $tcp_svc } tag EXT_IF_A
pass in on $ext_if_1 inet proto tcp from ($ext_if_1:network) to ($ext_if_1) port { $tcp_svc } tag EXT_IF_A
pass in on $ext_if_2 reply-to ($ext_if_2 $gw_2) inet proto tcp to ($ext_if_2) port { $tcp_svc } tag EXT_IF_B
pass in on $ext_if_2 inet proto tcp from ($ext_if_2:network) to ($ext_if_2) port { $tcp_svc } tag EXT_IF_B

# allow udp ports
pass in on $ext_if_1 reply-to ($ext_if_1 $gw_1) inet proto udp to ($ext_if_1) port { $udp_svc } tag EXT_IF_A
pass in on $ext_if_1 inet proto udp from ($ext_if_1:network) to ($ext_if_1) port { $udp_svc } tag EXT_IF_A
pass in on $ext_if_2 reply-to ($ext_if_2 $gw_2) inet proto udp to ($ext_if_2) port { $udp_svc } tag EXT_IF_B
pass in on $ext_if_2 inet proto udp from ($ext_if_2:network) to ($ext_if_2) port { $udp_svc } tag EXT_IF_B

pass in quick from ($ext_if_1:network) tagged EXT_IF_A keep state
pass in quick reply-to ($ext_if_1 $gw_1) tagged EXT_IF_A keep state
pass in quick from ($ext_if_2:network) tagged EXT_IF_B keep state
pass in quick reply-to ($ext_if_2 $gw_2) tagged EXT_IF_B keep state

pass quick from to any
pass quick from any to
pass in quick from to any
pass out quick from any to

## ssh access
pass in quick proto tcp from any to any port ssh flags S/SA keep state \
        (max-src-conn 3, max-src-conn-rate 3/5, overload flush global)

#snmp
pass quick proto udp from $monitoring to any port 161
pass quick proto tcp from $monitoring to any port 199
pass quick proto icmp from $monitoring to any
block quick proto udp from any to any port 161
block quick proto tcp from any to any port 199

pass out inet from (self:network)
pass in inet proto icmp to (self:network)
pass in inet proto tcp from $int_net to (self:network)
pass in inet proto udp from $int_net to (self:network)

# LOCAL NETWORK
pass quick on $int_if

# OUTGOING ROUTE
pass out route-to ($ext_if_1 $gw_1) inet from ($ext_if_1) keep state
pass out route-to ($ext_if_2 $gw_2) inet from ($ext_if_2) keep state

pass out inet from { $ext_if_1 $ext_if_2 } to (self:network)

Here is the query on ext_if2:
17:40:42.342576 IP XX.XX.XX.XX.60318 > BB.BB.BB.BB.22: Flags [S], seq 2980536276, win 64240, options [mss 1460,sackOK,TS val 824407439 ecr 0,nop,wscale 7], length 0
17:40:43.345460 IP XX.XX.XX.XX.60318 > BB.BB.BB.BB.22: Flags [S], seq 2980536276, win 64240, options [mss 1460,sackOK,TS val 824408442 ecr 0,nop,wscale 7], length 0

Here is the reply on ext_if1:
17:40:42.342717 IP BB.BB.BB.BB.22 > XX.XX.XX.XX.60318: Flags [S.], seq 2922590039, ack 2980536277, win 64395, options [mss 1460,nop,wscale 6,nop,nop,TS val 1012050357 ecr 824407439], length 0
17:40:43.342422 IP BB.BB.BB.BB.22 > XX.XX.XX.XX.60318: Flags [S.], seq 2922590039, ack 2980536277, win 64395, options [mss 1460,nop,wscale 6,nop,nop,TS val 1012051357 ecr 824407439], length 0

Where XX.XX.XX.XX is the host from which I try to connect to BB.BB.BB.BB (IP on
interface ext_if2).
ext_if1 points to the default GW. ext_if2 is the secondary ISP.

If this is not enough, please let me know.

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 15:56:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #5 from Kristof Provost ---
(In reply to skeletor from comment #4)

Again: explain what happens and what you expect to have happen instead.

I've looked at the 12.1 and 12.2 code and there are no obvious differences in
the reply-to code, but I still have no idea at all what your problem is.

(kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3F0A11E1B9 for ; Mon, 1 Feb 2021 16:02:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 111G21mY086819 for ; Mon, 1 Feb 2021 16:02:01 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 111G21Me086818 for pf@FreeBSD.org; Mon, 1 Feb 2021 16:02:01 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2 Date: Mon, 01 Feb 2021 16:02:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 12.2-STABLE X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: skeletor@lissyara.su X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2021 16:02:01 -0000 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #6 from skeletor@lissyara.su ---
I expect that, if I send packets to the secondary (ext_if_2) interface (not to
point default GW), I receive it from ext_if_2. But really I see it on ext_if_1
and don't see it on ext_if_2 (but should see).


From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 16:03:05 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #7 from Kristof Provost ---
(In reply to skeletor from comment #6)

Send packets from where? From the machine? From the internet?


From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 16:12:05 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #8 from skeletor@lissyara.su ---
Yes, from outside (some host on the internet).

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Mon, 01 Feb 2021 16:23:55 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

--- Comment #9 from Kristof Provost ---
(In reply to skeletor from comment #8)

Have you confirmed, with pflog, that the route-to rule is still getting hit?

From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 253164] reply-to in PF brokens after upgrade from 12.1 to 12.2
Date: Tue, 02 Feb 2021 15:21:50 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253164

skeletor@lissyara.su changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Closed
         Resolution|---                         |Not A Bug

--- Comment #10 from skeletor@lissyara.su ---
Thank you for the right direction to check via pflog! Without "quick" keyword
rule set with reply-to doesn't work. Now everything is working.
Sorry for my mistakes.
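
The failure mode that closed Bug 253164 above, as an added pf.conf example that is not part of the original thread or the reporter's ruleset. It assumes a later, more general pass rule also matched the inbound traffic; the interface names, port and gateway address are constructed placeholders.

```pf
# Constructed pf.conf fragment; names and addresses are placeholders.
ext_if_1 = "em0"            # primary uplink, carries the default route
ext_if_2 = "em1"            # secondary uplink
gw_2     = "198.51.100.1"   # next hop reachable through ext_if_2

block log all

# --- Before: reply-to rule is silently overridden -----------------------
# pf evaluates the whole ruleset and the LAST matching rule decides.
# An inbound SYN on $ext_if_2 matches the first rule, then also matches the
# generic rule after it. The generic rule wins, so the state is created
# without reply-to and the replies follow the default route out $ext_if_1.
#
#pass in log on $ext_if_2 reply-to ($ext_if_2 $gw_2) \
#    inet proto tcp from any to ($ext_if_2) port 22 keep state
#pass in log inet proto tcp from any to any port 22 keep state

# --- After: "quick" ends evaluation at the reply-to rule -----------------
# The first matching "quick" rule is final, so the state carries reply-to
# and replies leave through $ext_if_2 towards $gw_2.
pass in log quick on $ext_if_2 reply-to ($ext_if_2 $gw_2) \
    inet proto tcp from any to ($ext_if_2) port 22 keep state
pass in log inet proto tcp from any to any port 22 keep state

# Confirming which rule was hit (the pflog check asked for in comment #9):
#   pfctl -vvsr                    # rules with their @N numbers and counters
#   tcpdump -n -e -ttt -i pflog0   # each logged packet names the matching rule
#   pfctl -vvss                    # each state lists the rule that created it
```

Placing the reply-to rule after every other rule that can match the same traffic has the same effect as `quick`, since it then becomes the last match.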

From: "R. Tyler Croy"
To: freebsd-pf@freebsd.org
Subject: pflog0 showing up in my vnet jails
Date: Tue, 2 Feb 2021 22:11:48 -0800

I noticed this evening that pflog0 is propagated into my vnet-based jails
(12.2-RELEASE) and I'm somewhat surprised to see it there.

My host's /etc/rc.conf simply has `pflog_enable="YES"`, so nothing too
esoteric. My /etc/jail.conf doesn't do anything with pflog0 for the jails, so
the fact that it shows up _feels_ like a bug, from within a jail:

    # ifconfig
    lo0: flags=8049 metric 0 mtu 16384
            options=680003
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
            inet 127.0.0.1 netmask 0xff000000
            groups: lo
            nd6 options=21
    pflog0: flags=0<> metric 0 mtu 33160
            groups: pflog
    epair2b: flags=8843 metric 0 mtu 1500
            options=8
            ether 02:c4:52:c8:47:0b
            inet 10.0.1.4 netmask 0xffffff00 broadcast 10.0.1.255
            groups: epair
            media: Ethernet 10Gbase-T (10Gbase-T )
            status: active
            nd6 options=29
    #

Fortunately, when I tcpdump that device from within the jail, it has none of
the host pflog0's entries being reported.

Regardless, should I file this as a bug?

Cheers

--
GitHub: https://github.com/rtyler
GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2


From: "Kristof Provost"
To: "R. Tyler Croy"
Cc: freebsd-pf@freebsd.org
Subject: Re: pflog0 showing up in my vnet jails
Date: Wed, 03 Feb 2021 14:13:23 +0100

On 3 Feb 2021, at 7:11, R. Tyler Croy wrote:

> I noticed this evening that pflog0 is propagated into my vnet-based
> jails
> (12.2-RELEASE) and I'm somewhat surprised to see it there.
>
> My host's /etc/rc.conf simply has `pflog_enable="YES"`, so nothing too
> esoteric. My /etc/jail.conf doesn't do anything with pflog0 for the
> jails, so
> the fact that it shows up _feels_ like a bug, from within a jail:
>
> # ifconfig
> lo0: flags=8049 metric 0 mtu 16384
> options=680003
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
> inet 127.0.0.1 netmask 0xff000000
> groups: lo
> nd6 options=21
> pflog0: flags=0<> metric 0 mtu 33160
> groups: pflog
> epair2b: flags=8843 metric
> 0 mtu 1500
> options=8
> ether 02:c4:52:c8:47:0b
> inet 10.0.1.4 netmask 0xffffff00 broadcast 10.0.1.255
> groups: epair
> media: Ethernet 10Gbase-T (10Gbase-T )
> status: active
> nd6 options=29
> #
>
> Fortunately, when I tcpdump that device from within the jail, it has
> none of
> the host pflog0's entries being reported.
>
>
> Regardless, should I file this as a bug?
>
I wouldn’t consider this to be a bug, no. Or if it is one, one that
won’t be fixed anyway.

As soon as the pflog module is loaded pf creates a pflog0 interface.
That interface is per-vnet, so it’s perfectly safe to have.

Arguably pf shouldn’t create a log interface automatically, but that
ship has sailed. If we change it we’re going to break expectations for
at least some users, so we’re not going to change that.

Regards,
Kristof