From nobody Fri Nov 10 10:03:26 2023
From: Franco Fichtner
Date: Fri, 10 Nov 2023 11:03:26 +0100
To: pf@freebsd.org
Subject: libpfctl: c2e7cbe0edb backport broke label set on rule
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf

Hi,

Would somebody mind committing the fix to stable/13?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275006

Thanks,
Franco

From nobody Mon Nov 13 18:19:19 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously
Date: Mon, 13 Nov 2023 18:19:19 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.0-RELEASE

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

Igor Ostapenko changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |igor.ostapenko@pm.me

--- Comment #1 from Igor Ostapenko ---
(In reply to Alfa from comment #0)

Could you please provide a bit more details like what happens with diverted
packets and what dummynet configuration is used for the pipes? If it's not
behind some NDA.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From nobody Mon Nov 13 19:37:20 2023
From: T K
Date: Mon, 13 Nov 2023 14:37:20 -0500
Subject: Dummynet doesn't work with PF of FreeBSD 14RC3 and 14RC4
To: freebsd-pf@freebsd.org

Hi there,

I am trying to setup a simple PF firewall with dummynet and despite all my
efforts I am failing. I would appreciate a helping hand, thank you.
Below is the setup description and all the details that might be useful.
I've been trying to apply pass rule for the pipe on different interfaces, in
and out, for global addresses, subnets and local addresses and nothing seems
to work. My client machine gets the internet and everything is ok except for
the fact that I can't use dummynet with it.
Please let me know if any other info needed. Thank you

My setup is raspberry pi 3b with two interfaces ue0 (EXT) and ue1(INT)
No bridge
ue1 spinning dhcpd and dnsmasq to control clients IP ranges and add some
custom DNS resolution.
ue0 running NAT (PAT) for the ue1:network

### rc.conf #############
Skipped generic stuff

# IF
ifconfig_ue1="inet 192.168.31.1 netmask 255.255.255.0"
dhcpd_enable="YES"
dnsmasq_enable="YES"

# Firewall
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"
dnctl_enable="YES"
dnctl_program="/sbin/dnctl"

### pf.conf #############
# Macros and tables
ext_if = "ue0"
int_if = "ue1"
localnet = $int_if:network

# Options
set block-policy drop
set skip on lo0

# Normalization
scrub in all

# NAT (comment out if adding ext_if to bridge)
nat on $ext_if inet from ($localnet) to any -> ($ext_if)
#nat on $ext_if inet6 from ($localnet) to any -> ($ext_if:0)

# RDR anchors, mostly for port forwarding
#rdr-anchor "reggae/*" on $ext_if
#rdr-anchor "services/*" on $ext_if
# rdr-anchor "service/*" on $ext_if

antispoof quick log for ($ext_if) # comment out if adding ext_if to bridge
#anchor "blacklistd/*" in on $ext_if

# Quick rules
#block out quick inet6 all user torrent
pass in quick inet from 192.168.31.12 to any dnpipe 1

# Rules
block in log from any to (self)
pass in inet proto udp to any port bootpc
#pass in inet6 proto udp from fe80::/10 port dhcpv6-server to fe80::/10 port dhcpv6-client
pass in proto tcp to any port ssh
pass in proto { icmp, igmp, icmp6 }
pass in on $int_if proto { tcp, udp } from any to (self)
pass out

### dnctl.conf #############
pipe 1 config bw 100Kbit

### dnctl pipe show #############
00001: 100.000 Kbit/s 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
 sched 65537 type FIFO flags 0x0 0 buckets 0 active

### ifconfig #############
lo0: flags=1008049 metric 0 mtu 16384
        options=680003
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        groups: lo
        nd6 options=21
ue0: flags=1008843 metric 0 mtu 1500
        options=80009
        ether b8:27:eb:ec:b9:ed
        inet 192.168.2.70 netmask 0xffffff00 broadcast 192.168.50.255
        media: Ethernet autoselect (100baseTX )
        status: active
        nd6 options=2b
ue1: flags=8843 metric 0 mtu 1500
        options=68009b
        ether a0:ce:c8:5e:c7:1d
        inet 192.168.31.1 netmask 0xffffff00 broadcast 192.168.31.255
        media: Ethernet autoselect (none)
        status: no carrier
        nd6 options=29

### pf -s all #############
FILTER RULES:
scrub in all fragment reassemble
block drop in log quick on ! ue0 from (ue0:network) to any
block drop in log quick from (ue0) to any
pass in quick inet from 192.168.31.12 to any flags S/SA keep state dnpipe 1
block drop in log from any to (self)
pass in on ue1 proto tcp from any to (self) flags S/SA keep state
pass in on ue1 proto udp from any to (self) keep state
pass in inet proto udp from any to any port = bootpc keep state
pass in proto tcp from any to any port = ssh flags S/SA keep state
pass in proto icmp all keep state
pass in proto igmp all keep state
pass in proto ipv6-icmp all keep state
pass out all flags S/SA keep state

### scp from target #############
scp root@192.168.31.12:/root/foo /root/foo
foo 0% 46MB 7.6MB/s 23:00 ETA

From nobody Wed Nov 15 18:38:43 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously
Date: Wed, 15 Nov 2023 18:38:43 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

--- Comment #2 from Igor Ostapenko ---
It’s on the early stage of the patch review, but probably you want to give it
a try: https://reviews.freebsd.org/D42609?download=true. It could be helpful
to know results of testing in the fields.

From nobody Thu Nov 16 14:58:36 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously
Date: Thu, 16 Nov 2023 14:58:36 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

--- Comment #3 from Alfa ---
(In reply to Igor Ostapenko from comment #2)

Hi,
It worked
Thanks for your work

From nobody Fri Nov 17 17:07:30 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously
Date: Fri, 17 Nov 2023 17:07:30 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

--- Comment #4 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=fe3bb40b9e807d4010617de1ef040ba3aa623487

commit fe3bb40b9e807d4010617de1ef040ba3aa623487
Author:     Igor Ostapenko
AuthorDate: 2023-11-17 16:04:01 +0000
Commit:     Kristof Provost
CommitDate: 2023-11-17 16:06:16 +0000

    pf: fix dummynet + ipdivert use case

    Dummynet re-injects an mbuf with MTAG_IPFW_RULE added, and the same mtag
    is used by divert(4) as parameters for packet diversion.

    If according to pf rule set a packet should go through dummynet first
    and through ipdivert after then mentioned mtag must be removed after
    dummynet not to make ipdivert think that this is its input parameters.

    At the very beginning ipfw consumes this mtag what means the same
    behavior with tag clearing after dummynet.

    And after fabf705f4b5a pf passes parameters to ipdivert using its
    personal MTAG_PF_DIVERT mtag.

    PR:             274850
    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D42609

 sys/netpfil/pf/pf.c               |  27 +++++++--
 tests/sys/netpfil/pf/divert-to.sh | 118 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 139 insertions(+), 6 deletions(-)

From nobody Sat Nov 18 15:30:09 2023
7OhAeNu4fzlDGlDx3GhTjstLRBPcllRSP9i0DdarRf+jnoPgJXEZz97z1jYUZIkO mfUgQ8q26R76J7UFSbnffq8Q88W0W3w2h1VLh1Uq86uSfVCnUBTPGzoH1cX3/qqc 7lJzEaQqO9Y1U+mLGoNu33b+V1D5SEzCHutSh6+TiRMLRbuxp/ED+LJjhEKZlzfD Af6a2Vhn9+/nmczB+XOx3+qH5s+VBDNwUVab52I0fCJqpR7kwuH8EhdpDXcI8m9x scm2TsVZuGlBmf2qCVrh0Bwzo3SchXXqQjvAIkBJEsEAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1700321413; x=1700407813; bh=8p6Q02ow7ZcEonFzy7PtdF16a0m0zd+k4kZ 2q5TLOgE=; b=yj7nlPj5FpBEAmNjus3hxln9doEqV1pOogii5k8NaKwk9vmk4Xh x1ctV71XOn7eVi8w+AqsFsPJyo7weCbTsFfVf0Im8sooeQEu/NufXSLxI7Gl/U1J sPYPv5DgeH1gwJuEMxVrSrSHYYPWEUN/40emPhaPl0KjciAUCuRXHRXV3QFhUmt+ VecRt6J7gzKF0L52PnxJsA73uP1M6yU7CN4/hFitBCby4XwrDnM1JvMxhLlfnPr8 d/JHTNndUhQjSTi/seUgM/GX2XPquaQoSKs4gBKsjmd9/DSFQP8RFHKj2w93B8C/ Eng8HZFmQGXQpxBr6IzcrwZCAXE8cHB8NMw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrudegvddgjeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesthdtredttd dtvdenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggftrfgrthht vghrnhepveduffeivdfffffghfegfeejfefftdeiteehteekfefhvdefgfettdeuheegff eunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepvhho ihgusehfqdhmrdhfmh X-ME-Proxy: Feedback-ID: i2541463c:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sat, 18 Nov 2023 10:30:12 -0500 (EST) Date: Sat, 18 Nov 2023 15:30:09 +0000 From: void To: freebsd-pf@freebsd.org Subject: re: pf is broken in stable/14-n265566-4533fa42ad91 arm64 Message-ID: Mail-Followup-To: freebsd-pf@freebsd.org List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: 
https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; FAKE_REPLY(1.00)[]; DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.996]; DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none]; MID_RHS_NOT_FQDN(0.50)[]; RWL_MAILSPIKE_EXCELLENT(-0.40)[64.147.123.24:from]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.24]; R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm1,messagingengine.com:s=fm1]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.24:from]; MIME_GOOD(-0.10)[text/plain]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_MATCH_ENVRCPT_ALL(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; ARC_NA(0.00)[]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; FREEMAIL_FROM(0.00)[f-m.fm]; MLMMJ_DEST(0.00)[freebsd-pf@freebsd.org]; DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[f-m.fm]; RCVD_VIA_SMTP_AUTH(0.00)[] X-Rspamd-Queue-Id: 4SXd4m1fQ8z3HhZ X-Spamd-Bar: --- Hi, [originally sent to freebsd-stable but on second thoughts, this should have gone here] This context [1] was on stable/14-n265566 where pf worked fine. Source upgrade yesterday to stable/14-n265566 and pf is now broken. # service pf status /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist. 
Abort trap (core dumped)

To try and debug, I disabled all pf-related things in rc.conf and loader.conf,
and tried to load things manually then apply a very basic pf config file
/etc/pf.basic

# kldload pf
#
# pfctl -nvf /etc/pf.basic
ext_if = "genet0"
block drop in all
pass in on genet0 proto tcp from any to any port = ssh flags S/SA keep state
pass out all flags S/SA keep state
# pfctl -evf /etc/pf.basic
No ALTQ support in kernel
ALTQ related functions disabled
ext_if = "genet0"
pfctl: DIOCADDRULENV: Argument list too long

When the problem was first identified, this appeared at the console on bootup:

###
Nov 13 12:18:05 redacted kernel: Enabling pfpfctl: DIOCADDRULENV: Argument list too long
Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Unable to load /etc/pf.conf.
Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Loading fallback rules: block drop log all
Nov 13 12:18:05 redacted kernel: pfctl: DIOCADDRULENV: Argument list too long
Nov 13 12:18:05 redacted kernel: /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist.
Nov 13 12:18:05 redacted kernel: Abort trap (core dumped)
Nov 13 12:18:05 redacted kernel: .
Note the pfpfctl above

[1] raspberry pi 4b+ 8GB
-- 

From nobody Sat Nov 18 16:25:58 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously
Date: Sat, 18 Nov 2023 16:25:58 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

Ed Maste changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |emaste@freebsd.org
             Status|New                         |In Progress