From nobody Tue Mar 5 08:11:13 2024
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TppDW0hzCz5C7S7
for <freebsd-pf@mlmmj.nyi.freebsd.org>; Tue, 5 Mar 2024 08:11:23 +0000 (UTC)
(envelope-from eugene@zhegan.in)
Received: from elf.hq.norma.perm.ru (mail.norman-retail.ru [128.127.146.8])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.norma.perm.ru", Issuer "R3" (not verified))
by mx1.freebsd.org (Postfix) with ESMTPS id 4TppDT1h40z4JN1
for <freebsd-pf@freebsd.org>; Tue, 5 Mar 2024 08:11:21 +0000 (UTC)
(envelope-from eugene@zhegan.in)
Authentication-Results: mx1.freebsd.org;
dkim=pass header.d=zhegan.in header.s=key header.b=Fpjfh88T;
dmarc=none;
spf=pass (mx1.freebsd.org: domain of eugene@zhegan.in designates 128.127.146.8 as permitted sender) smtp.mailfrom=eugene@zhegan.in
Received: from [192.168.57.177] (net208-181.perm.ertelecom.ru [46.146.208.181] (may be forged))
by elf.hq.norma.perm.ru (8.16.1/8.16.1) with ESMTPS id 4258BIex045597
(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO)
for <freebsd-pf@freebsd.org>; Tue, 5 Mar 2024 13:11:19 +0500 (+05)
(envelope-from eugene@zhegan.in)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zhegan.in; s=key;
t=1709626279;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=8SskKXQBMDxLTt+19fyXUQdBaJx1QKoqzH8H7cW0YBk=;
b=Fpjfh88T5QRdCyo7HJTeXzx0uBkjH0OBCKxFGWxmVlvp+bnSO3rEBnrRmb7k1BO8lETYt7
vLCNi0geaIebBdm6QK3x4zAMdwLsogwb/25FcvEzpKU0YJbvN42E170eLWvqudpef1PaZg
ySLa/0AYkhWBIkBmrNt7DGcO7ngNKus=
Message-ID: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
Date: Tue, 5 Mar 2024 13:11:13 +0500
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: "Eugene M. Zheganin" <eugene@zhegan.in>
Subject: dumb question about "no state"
To: freebsd-pf@freebsd.org
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.49 / 15.00];
NEURAL_HAM_LONG(-1.00)[-1.000];
NEURAL_HAM_MEDIUM(-1.00)[-1.000];
NEURAL_HAM_SHORT(-1.00)[-1.000];
R_SPF_ALLOW(-0.20)[+a];
R_DKIM_ALLOW(-0.20)[zhegan.in:s=key];
MIME_GOOD(-0.10)[text/plain];
XM_UA_NO_VERSION(0.01)[];
RCVD_TLS_ALL(0.00)[];
RCPT_COUNT_ONE(0.00)[1];
RCVD_COUNT_ONE(0.00)[1];
ASN(0.00)[asn:212494, ipnet:128.127.146.0/24, country:RU];
MIME_TRACE(0.00)[0:+];
DMARC_NA(0.00)[zhegan.in];
MLMMJ_DEST(0.00)[freebsd-pf@freebsd.org];
ARC_NA(0.00)[];
FROM_EQ_ENVFROM(0.00)[];
FROM_HAS_DN(0.00)[];
MID_RHS_MATCH_FROM(0.00)[];
TO_DN_NONE(0.00)[];
PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org];
TO_MATCH_ENVRCPT_ALL(0.00)[];
DKIM_TRACE(0.00)[zhegan.in:+]
X-Rspamd-Queue-Id: 4TppDT1h40z4JN1
Hello,
I hope the following is self-explanatory:
pfctl -vs rules:
[...]
pass quick proto tcp all flags A/A no state
 [ Evaluations: 1125881  Packets: 972814   Bytes: 421350757 States:
82Â Â Â ]
 [ Inserted: uid 0 pid 28187 State Creations: 82   ]
man pf.conf:
    pass The packet is passed; state is created unless the no state
option is specified.
Why does this rule create states ? Am I misreading/misunderstanding the
part "state is created unless the no state option is specified" ?
Thanks.
Eugene.
From nobody Tue Mar 5 09:29:04 2024
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TpqyM0wYvz5CGr8
for <freebsd-pf@mlmmj.nyi.freebsd.org>; Tue, 5 Mar 2024 09:29:15 +0000 (UTC)
(envelope-from SRS0=U52X=KL=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 4TpqyL2JX2z4R9M
for <freebsd-pf@freebsd.org>; Tue, 5 Mar 2024 09:29:14 +0000 (UTC)
(envelope-from SRS0=U52X=KL=quip.cz=000.fbsd@elsa.codelab.cz)
Authentication-Results: mx1.freebsd.org;
none
Received: from elsa.codelab.cz (localhost [127.0.0.1])
by elsa.codelab.cz (Postfix) with ESMTP id E816AD78B9;
Tue, 5 Mar 2024 10:29:05 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private;
t=1709630945; bh=x7OcWcR2vPLIAtvhhU/DhEfMXuKecotTbGp2P0Uagsk=;
h=Date:Subject:To:References:From:In-Reply-To;
b=4SqMaIrTvAoWwJemxjB3VC/kkycacNIYbCOz9Bcx4RChG1aWhZ92UOO455fwlQNSF
mqPryCNXkVL6+Rs0X8tzeum+eklXOFhsYgrCL8FsrO9mKussQ93VjHh5Mhnk/IqP9l
50dnrBKxGH5mREhj4LOJLWGgACxypcZirkhuFVZQ=
Received: from [192.168.145.49] (ip-89-177-27-225.bb.vodafone.cz [89.177.27.225])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by elsa.codelab.cz (Postfix) with ESMTPSA id CB08ED7891;
Tue, 5 Mar 2024 10:29:04 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private;
t=1709630944; bh=x7OcWcR2vPLIAtvhhU/DhEfMXuKecotTbGp2P0Uagsk=;
h=Date:Subject:To:References:From:In-Reply-To;
b=QlEEj61oL6TSzqOvNDf6O10ktzvD+ibhP/b+YQgjyCvP5LmlQCWViTG0o0FCBR7M1
6OjHPsHmhvjukdSA8kq8I4sHrFNSm4+g20uy2iHclN9gNmdqCDTah569wn5Zqg9n8S
liqVpy8UJdxyMH/oRZIp7dpPJ1ON5L61apLbdpCE=
Message-ID: <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>
Date: Tue, 5 Mar 2024 10:29:04 +0100
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: dumb question about "no state"
To: "Eugene M. Zheganin" <eugene@zhegan.in>, freebsd-pf@freebsd.org
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
Content-Language: en-US
From: Miroslav Lachman <000.fbsd@quip.cz>
In-Reply-To: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
module=replies;
Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
REPLY(-4.00)[];
ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ]
X-Rspamd-Queue-Id: 4TpqyL2JX2z4R9M
On 05/03/2024 09:11, Eugene M. Zheganin wrote:
> Hello,
>
> I hope the following is self-explanatory:
>
>
> pfctl -vs rules:
>
> [...]
>
> pass quick proto tcp all flags A/A no state
> Â [ Evaluations: 1125881Â Â Packets: 972814Â Â Â Bytes: 421350757 States:
> 82Â Â Â ]
> Â [ Inserted: uid 0 pid 28187 State Creations: 82Â Â Â ]
>
> man pf.conf:
>     pass The packet is passed; state is created unless the no state
> option is specified.
>
>
> Why does this rule create states ? Am I misreading/misunderstanding the
> part "state is created unless the no state option is specified" ?
Also from the man page, few lines after your citation:
By default pf(4) filters packets statefully; the first time a packet
matches a pass rule, a state entry is created; for subsequent packets
the filter checks whether the packet matches any state.
Kind regards
Miroslav Lachman
From nobody Tue Mar 5 10:30:19 2024
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TpsK11ZTvz5CMtV
for <freebsd-pf@mlmmj.nyi.freebsd.org>; Tue, 5 Mar 2024 10:30:29 +0000 (UTC)
(envelope-from eugene@zhegan.in)
Received: from elf.hq.norma.perm.ru (mail.norman-retail.ru [128.127.146.8])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.norma.perm.ru", Issuer "R3" (not verified))
by mx1.freebsd.org (Postfix) with ESMTPS id 4TpsK05bPFz4Ydl
for <freebsd-pf@freebsd.org>; Tue, 5 Mar 2024 10:30:28 +0000 (UTC)
(envelope-from eugene@zhegan.in)
Authentication-Results: mx1.freebsd.org;
none
Received: from [192.168.57.177] (net208-181.perm.ertelecom.ru [46.146.208.181] (may be forged))
by elf.hq.norma.perm.ru (8.16.1/8.16.1) with ESMTPS id 425AUOpK054960
(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
Tue, 5 Mar 2024 15:30:25 +0500 (+05)
(envelope-from eugene@zhegan.in)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zhegan.in; s=key;
t=1709634626;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=mcZpPD/S0wfzPBlb1LtoKEmaILxn338Eh+l/VqsJH3s=;
b=LQruJdkxCt91wU7ERRmSFw/8u6dGTwldV2xXSIXNUTx+JWNlr1f68+FWnopa22vhwEuf+W
/zNpwTPtsuDyx9+WVu08I3Hpu7nOCOtrEh5aUWx059eLo6blPt58N7xK4m/u4A4dI+Fl/w
8vTUF96W+uBOrBpWXoqSBsiGuXa8WqE=
Message-ID: <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>
Date: Tue, 5 Mar 2024 15:30:19 +0500
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: dumb question about "no state"
Content-Language: en-US
To: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-pf@freebsd.org
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
<88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>
From: "Eugene M. Zheganin" <eugene@zhegan.in>
In-Reply-To: <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
module=replies;
Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
REPLY(-4.00)[];
ASN(0.00)[asn:212494, ipnet:128.127.146.0/24, country:RU]
X-Rspamd-Queue-Id: 4TpsK05bPFz4Ydl
Hello,
On 05.03.2024 14:29, Miroslav Lachman wrote:
>
>> Why does this rule create states ? Am I misreading/misunderstanding
>> the part "state is created unless the no state option is specified" ?
>
> Also from the man page, few lines after your citation:
>
> By default pf(4) filters packets statefully; the first time a packet
> matches a pass rule, a state entry is created; for subsequent packets
> the filter checks whether the packet matches any state.
>
I'm failing to see how this can explain state creation by a rule that
clearly shouldn't create any states at all. Furthermore, state are
(usually) created by a packet with SYN flag, in case of TCP.
Eugene.
From nobody Tue Mar 5 11:55:42 2024
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TpvCV0Gq7z5CWKC
for <freebsd-pf@mlmmj.nyi.freebsd.org>; Tue, 5 Mar 2024 11:55:50 +0000 (UTC)
(envelope-from SRS0=U52X=KL=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 4TpvCT4vr7z4gVN
for <freebsd-pf@freebsd.org>; Tue, 5 Mar 2024 11:55:49 +0000 (UTC)
(envelope-from SRS0=U52X=KL=quip.cz=000.fbsd@elsa.codelab.cz)
Authentication-Results: mx1.freebsd.org;
none
Received: from elsa.codelab.cz (localhost [127.0.0.1])
by elsa.codelab.cz (Postfix) with ESMTP id 42D6BD7891;
Tue, 5 Mar 2024 12:55:47 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private;
t=1709639747; bh=g5L1wzGjq8zRr+NrlJkmdHG5sNlAXmrU4obUmJRrcms=;
h=Date:Subject:To:References:From:In-Reply-To;
b=Ict7Hn7uJRKqYYQmPQ7iSNNt90i24McXYNU1F8/uNpzjs+U0dj3MxJqnZA1Bz8Pyb
J7BuZnp26PN3NwzRBS3P/9VzrBVUoFX0rxQnYwt1NVe3MXrzMft2lSaNVUHi6Q54pm
//9v7O63k9i/3I5AqeuIG52v4tlJFcqbnv2ZCOSU=
Received: from [192.168.145.49] (ip-89-177-27-225.bb.vodafone.cz [89.177.27.225])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by elsa.codelab.cz (Postfix) with ESMTPSA id EB951D78B9;
Tue, 5 Mar 2024 12:55:42 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quip.cz; s=private;
t=1709639743; bh=g5L1wzGjq8zRr+NrlJkmdHG5sNlAXmrU4obUmJRrcms=;
h=Date:Subject:To:References:From:In-Reply-To;
b=4FSQAF56Mfo+tK8KP5pokhalIJzfMMsaOTsKDgI8mrUxy1TMtKZAnpjGcsrm9pzlR
YbaTk0YwGqULvMaBvSDowF8+7rM4rj2v+Ewv09FwNedZDQwrXeKbog4f6mb6IXtbEV
j5ihIii83BOkOoVAt8INZGbWsHft+d/JOZl6UAsM=
Message-ID: <b527b7c9-e68e-49ba-ae54-538eea2fa010@quip.cz>
Date: Tue, 5 Mar 2024 12:55:42 +0100
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: dumb question about "no state"
Content-Language: en-US
To: "Eugene M. Zheganin" <eugene@zhegan.in>, freebsd-pf@freebsd.org
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
<88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>
<3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>
From: Miroslav Lachman <000.fbsd@quip.cz>
In-Reply-To: <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
module=replies;
Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
REPLY(-4.00)[];
ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ]
X-Rspamd-Queue-Id: 4TpvCT4vr7z4gVN
On 05/03/2024 11:30, Eugene M. Zheganin wrote:
> Hello,
>
> On 05.03.2024 14:29, Miroslav Lachman wrote:
>>
>>> Why does this rule create states ? Am I misreading/misunderstanding
>>> the part "state is created unless the no state option is specified" ?
>>
>> Also from the man page, few lines after your citation:
>>
>> By default pf(4) filters packets statefully; the first time a packet
>> matches a pass rule, a state entry is created; for subsequent packets
>> the filter checks whether the packet matches any state.
>>
> I'm failing to see how this can explain state creation by a rule that
> clearly shouldn't create any states at all. Furthermore, state are
> (usually) created by a packet with SYN flag, in case of TCP.
I am sorry, you are right. I missed the part of your message with 82
states. I have no explanation for that.
Kind regards
Miroslav Lachman
From nobody Wed Mar 6 08:44:35 2024
X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TqQwR4bfpz5C6JV
for <freebsd-pf@mlmmj.nyi.freebsd.org>; Wed, 6 Mar 2024 08:44:39 +0000 (UTC)
(envelope-from vegeta@tuxpowered.net)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229])
(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4TqQwQ5wcDz4plf
for <freebsd-pf@freebsd.org>; Wed, 6 Mar 2024 08:44:38 +0000 (UTC)
(envelope-from vegeta@tuxpowered.net)
Authentication-Results: mx1.freebsd.org;
dkim=pass header.d=tuxpowered-net.20230601.gappssmtp.com header.s=20230601 header.b=Z75+d8uQ;
dmarc=none;
spf=pass (mx1.freebsd.org: domain of vegeta@tuxpowered.net designates 2a00:1450:4864:20::229 as permitted sender) smtp.mailfrom=vegeta@tuxpowered.net
Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-2d2305589a2so102260751fa.1
for <freebsd-pf@freebsd.org>; Wed, 06 Mar 2024 00:44:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=tuxpowered-net.20230601.gappssmtp.com; s=20230601; t=1709714677; x=1710319477; darn=freebsd.org;
h=in-reply-to:autocrypt:from:references:to:content-language:subject
:user-agent:mime-version:date:message-id:from:to:cc:subject:date
:message-id:reply-to;
bh=6Kdn/MdS//EL8YgOxAPBovnTCe1k8tTHeQQGWUc0fqM=;
b=Z75+d8uQiRPpkzovfKBrPvymoPgd+x/sermOAL78CLLMEcVH1xFwIzoG7d7mBchiC/
aYrrkGrr+XdJxOqFJJV6B0SMlxPzwasP+0yK/Hnc92lyt5LjCWH98o7/aCu1lxklqvlm
rXniGtyeoqzFymenMJgiRLpuVVuVS3gbEpG3njRgH8Ext72wrJOA8Zbe13W7EOww5QCg
j64FtQ8RriWCxb93bAeKukDRo3NMVBnnNyojzbVfEJVTLS++DmZ+NFDQvjFmTgQTevxE
3FqqLCHgWzlfUyKv6r2XFVmofsyMCDTxM+xWOGPX6WVEzz9awdt3V9KCM10s+qezTrtJ
J1VQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1709714677; x=1710319477;
h=in-reply-to:autocrypt:from:references:to:content-language:subject
:user-agent:mime-version:date:message-id:x-gm-message-state:from:to
:cc:subject:date:message-id:reply-to;
bh=6Kdn/MdS//EL8YgOxAPBovnTCe1k8tTHeQQGWUc0fqM=;
b=dQKAMK9IVmPJfxypXr5oykO6WNryb4XnSHAPTPhiJMMQ8MEi25Vsn4zMF7Tqm0rQZd
poL9zDkOTbQDtemamqMcWP4eJl5FqHQYAFyMHkGNGxgX4IBeQ0OZCUjgH646S8fIsVYF
fwbfy0Yh8wnjPq2EpfNCXgnKFGb+r/EA6mNhUKaLiAwDKM2baMgP+gYrD3GRg3fcvxXp
2gECYytgBHgW7Oo3wYuN8/xVdDvM7dwfB59e5wYW3J+XOL7VrORzB7xtZUJBvxWymewe
FoRgDCWwtUgYsSs4n/MHaLEcYHGK6C1yuOfkX0iUbG+8UFoW+hRmiKa/NCV7HtaiekNu
ynOQ==
X-Forwarded-Encrypted: i=1; AJvYcCVoI9fUeak7MGasp/94DEaF4Ej2eth0ewr6pRFas+SyHp8sP1QiwGOCUxDgCjQkllzaGQbRYpUx267MFtCKUi+X5dmppFF0
X-Gm-Message-State: AOJu0YyYeorYYhZk3FE7XA1LdeqKoBcuTlW5o+aXXh50fbt7QnfrwTNs
L2/Wy+bDUq3wSORFOUm++EwZSroCCiPZDTJRJPigN20qEXUtweuQ6M4SSM/E1UvUnC0wuH2UCp2
u
X-Google-Smtp-Source: AGHT+IH5m8A1b/urLd9DNWbFD6H2cOAsY5kq9zdy+9pUIPCVDr3xa7JaA2No7cYOV1JhQz3xd7linQ==
X-Received: by 2002:a05:651c:103a:b0:2d3:a096:cb83 with SMTP id w26-20020a05651c103a00b002d3a096cb83mr2776380ljm.51.1709714676968;
Wed, 06 Mar 2024 00:44:36 -0800 (PST)
Received: from [172.18.33.198] ([212.53.142.20])
by smtp.gmail.com with ESMTPSA id cy24-20020a0564021c9800b00566850548fcsm6695117edb.20.2024.03.06.00.44.36
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Wed, 06 Mar 2024 00:44:36 -0800 (PST)
Message-ID: <c648dab7-4485-4977-8ba5-238f567eef8f@tuxpowered.net>
Date: Wed, 6 Mar 2024 09:44:35 +0100
List-Id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-pf
List-Help: <mailto:pf+help@freebsd.org>
List-Post: <mailto:pf@freebsd.org>
List-Subscribe: <mailto:pf+subscribe@freebsd.org>
List-Unsubscribe: <mailto:pf+unsubscribe@freebsd.org>
Sender: owner-freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: dumb question about "no state"
Content-Language: en-GB
To: "Eugene M. Zheganin" <eugene@zhegan.in>, freebsd-pf@freebsd.org
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
From: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
Autocrypt: addr=vegeta@tuxpowered.net; keydata=
xsFNBGSvtwgBEADIx3vgFBaDsFD4MOGIsWSmHag9q8x3J5OrqBR9aIdeeDW4ghnPM1NgD8EQ
HQvaAufffQ/vYXSWWJyDdquVARWprEXXQIMQZcDhw0pHtSrNK6NFF5UWfBkxYxAr2hTlRp0b
R7QZk3ezGUElBpf+SJq5cCOy//32hnzJiKb+5hlL0QOheWKwKignhLckW8Yat+kjhsxw7pR8
vn/XSCwyejx3I8v2DZsTuXVOvbKr6kNwDryjl6JJwKFoQ/aNUeD7dmLP2ieB9HCHBBBIi16Z
JcUCyJw8LI6GPrfr5zPEP38Up/psDQWoldbO2Kf5DyCN2HGFKLrK9StyjiMs4dgaA0ZXxIdn
JTzdAP6+d1qIfvv5mGhbqTvHgX6ReR7l93eE3Q6WJqGiuFGUtKdU5qaRHd4IdbFnhNK/rWjg
ZoKAlZwhnZ9BWZC8Vb9DznURYQUubt2Gr7Sutt0043d/WoWyGS2p7dEfXaeE1WE7n/6KqbBU
zG/rF/20eeT0lmrNAy9pgFD5WmTtzHnljBzQSBDMTxZP3iEmFa0pXP+Ch/H26AxV99MXs7Tz
Xj6VF5NKcIJ67m1pwJSW2vO9UhL2OVBJI3571C+9qn52QJjZdm4R4gHpgjbr4EoCUdlchCa1
iUQ1gV6SJI70WqgwmVprYwvaN1Rdld2iQFX+W6aOq6be1VzrwQARAQABzSxLYWpldGFuIFN0
YXN6a2lld2ljeiA8dmVnZXRhQHR1eHBvd2VyZWQubmV0PsLBlwQTAQgAQQIbAwUJB4YelwUL
CQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBH0hCHMWPZA3mb0mbICq13+m8wBTBQJkr7gjAhkB
AAoJEICq13+m8wBT14sQAKj1sG3yLeRfoKmmMgdbCErSrEg0uCChvWhRz/PCNfJB4SrUfSBj
unM56CeCVUf1SBI7cq6tJDujMor433OpiuZvtlgJezfoeyTvgjiGshVnstNAik77+B6lnhvJ
VwA7O3aT19kW/wUiVx9bATAleE4SQjyXq1z0onzh+FLeYZucfzISzUgOx2Ggb/eseDZ+v2re
ja47WmMl/iU6ERvG3+GbmgZuYGRDIhzsa0l1YFzMrCmqrZ6ysW2JMwH+wkbw94yyLmF1k7uU
KkRrejDiQjDk8Db2Smf7MaLGOCQGrz0Q2vSuETIavw2zQYs0bsQLuhV2/TlXegdfbe4wNhsD
t4Zs2KEr8lHrXfIckxDn/vwlh2TWnPLQqlN13dctesfK/HFWqReIhfYu2B9WQCugLR2NAlO+
hw9wuOzBu8SfOX+CIcqHfX2Q+c7KrHFSsscENu2QnE27my5vqjkig4cpjZDLitKTyqKm8UNI
f2O1xF137zA5byn/4rQFlfn8LbhuPdLBexvasjIQzuSgTZZ7cjUqbXFXssYsU0CFUHCoH5yF
VrW8RGvx+W1l2nZQr03cZEoQEL+La4+LIRiuwFfohpz5xCsP0GdBDVIinC9vAkW7I6Y6ssCv
ykMhaOGXZzs8mR47KCt6aFPX3vir9WmHQvHvSXaSxLNzfzmwl1e1hXD1zsFNBGSvtwgBEACw
4wl+FEyUehwSjs6/jhECE9r4fzwG+nUg1Q2ct8BneAjjUV/0UcMPQtphIGKqlJTxnxIEiz8D
R3kb3Y535qkAeAU4RV8ONCUrJLyXoLei/Ymk7161Gui9x3AB1Z2Yi3x76MuRAFH7QIAxhXYo
MN97IpgFDrv/ALwCD/eROFWEm5vNP8fvvpKBxtNaolebXWMfSFo3GJ8C73x+L8vW3D0uOp43
9MKUVAm6SMZXvYQA2P5+q15gxVUs0uhT69gHTrUMPHqPvARxZK5vpY+n3Phys9CZw84WaXcz
qLjvmpKqqs/ody3r7caXZcN7eg3sihI0ud6R3UufM4WJ1UV8YLdwIi8dRMx0ozzjw+3E5ji0
gatXhhdZ9N7MsEOfy2o4IxukxJSvsDO9WRqIY2PgyXHlpiM026hhXiJRyCeV0TN1MAwId8YM
2+Ujce9n+Cu78d8+1lLVx82kvArm5zEL/Dj9b4SAZbyzQd5JzkiEWcYtZvTBG+NiAXgm9DR9
i4IC0TuEXfxT+vuriDKYhlyXzPhvaCngIkQ574YwGOrbjfCsSvZCrrSHtb+Mw1uC7kNvegfW
9ZUegD7knKXCt+4AX1xP27JB+ERdFoi7Ri7ROZLJB3Ne8oDS/aN40roKHj8mkm15lAMwrYB1
7ct/J8UCfQH4eagW8SwS2M6Tut6B4VWG+wARAQABwsF8BBgBCAAmFiEEfSEIcxY9kDeZvSZs
gKrXf6bzAFMFAmSvtwgCGwwFCQeGHpcACgkQgKrXf6bzAFNbXRAAgFwTrMTEZDO79izcm/uU
uGBoa3SKkxIwfhjYWwkHoLyr9P8fqRX6NjW///e8YWdLmf1jBESRnQYEbuSvociDpc7CJ57f
3GaKlHZs2ci5u0tqM0H/VKI/cAuPBGXli/unnbozlsU1fU4uZfY/4Tl2P8FNApJh2vbNalIt
Mc9l0Iz3d5URPWAe7Pnb29tEVu5TNR/bJg7ihLsTY18XcePkHRRrnPF9ui9egB5FbCAQ/VSg
Pl7/kD/PkOT/3kc+C4RhddRMUmPxH0G4hvBPLRuvLgwtaj8vnurN1NxbllzK33ZWkvbUhIrw
Qcv23jfhQmg/cpzsQKeyu7L53bgUc4+zYoq/wd3n9SMCO5vTMUrswNqmD4wyopjblCGSeKNy
kiiFA70umn5tB+Ra8H5k+n/e2QluKns+DoIg1Hm5chk/emBG42JYTdrMhLFQGZnzJU3WJf1j
cVzOFLcqDuq+IwRPJrCZXsLft2O79uU+zbla+RdWd0uIzjbM4R8jch470h5cK61kcaQ7UwSb
OpdPyq9PqFl26x2g4jDNmFLAuQDEBJoxmZA2bNfQk+DwYYTuoTItN3F674nb8Fk+tQyXL6fl
5CXOJOTJArKmokrPLcr3HXGUQpfBzXRDuK0UKgn3m9UXq2laaODgswuoZqm0vqWuWIRMm84J
Wbiwhrslf0hn78s=
In-Reply-To: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------lU6F9dopQ6TjWEaPUmMqkHln"
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.12 / 15.00];
SIGNED_PGP(-2.00)[];
NEURAL_HAM_MEDIUM(-1.00)[-1.000];
NEURAL_HAM_LONG(-1.00)[-1.000];
NEURAL_SPAM_SHORT(0.37)[0.366];
MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
R_DKIM_ALLOW(-0.20)[tuxpowered-net.20230601.gappssmtp.com:s=20230601];
MIME_BASE64_TEXT(0.10)[];
XM_UA_NO_VERSION(0.01)[];
RCVD_TLS_LAST(0.00)[];
FROM_HAS_DN(0.00)[];
RCPT_COUNT_TWO(0.00)[2];
DMARC_NA(0.00)[tuxpowered.net];
MIME_TRACE(0.00)[0:+,1:+,2:+,3:~];
ARC_NA(0.00)[];
HAS_ATTACHMENT(0.00)[];
ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
TO_DN_SOME(0.00)[];
TO_MATCH_ENVRCPT_SOME(0.00)[];
RCVD_COUNT_TWO(0.00)[2];
FROM_EQ_ENVFROM(0.00)[];
DKIM_TRACE(0.00)[tuxpowered-net.20230601.gappssmtp.com:+];
PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org];
MID_RHS_MATCH_FROM(0.00)[];
MLMMJ_DEST(0.00)[freebsd-pf@freebsd.org];
RCVD_VIA_SMTP_AUTH(0.00)[];
RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::229:from]
X-Rspamd-Queue-Id: 4TqQwQ5wcDz4plf
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------lU6F9dopQ6TjWEaPUmMqkHln
Content-Type: multipart/mixed; boundary="------------uhf6x4AnubkXCzeHJz2JH0qN";
protected-headers="v1"
From: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
To: "Eugene M. Zheganin" <eugene@zhegan.in>, freebsd-pf@freebsd.org
Message-ID: <c648dab7-4485-4977-8ba5-238f567eef8f@tuxpowered.net>
Subject: Re: dumb question about "no state"
References: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
In-Reply-To: <d38d0e14-4b8b-420f-b9e7-62c521f003aa@zhegan.in>
--------------uhf6x4AnubkXCzeHJz2JH0qN
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
T24gMjAyNC0wMy0wNSAwOToxMSwgRXVnZW5lIE0uIFpoZWdhbmluIHdyb3RlOg0KDQo+IHBh
c3MgcXVpY2sgcHJvdG8gdGNwIGFsbCBmbGFncyBBL0Egbm8gc3RhdGUNCj4gIMKgIFsgRXZh
bHVhdGlvbnM6IDExMjU4ODHCoMKgIFBhY2tldHM6IDk3MjgxNMKgwqDCoCBCeXRlczogNDIx
MzUwNzU3IFN0YXRlczogDQo+IDgywqDCoMKgIF0NCj4gIMKgIFsgSW5zZXJ0ZWQ6IHVpZCAw
IHBpZCAyODE4NyBTdGF0ZSBDcmVhdGlvbnM6IDgywqDCoMKgIF0NCj4gDQo+IG1hbiBwZi5j
b25mOg0KPiAgwqDCoMKgwqAgcGFzc8KgIFRoZSBwYWNrZXQgaXMgcGFzc2VkOyBzdGF0ZSBp
cyBjcmVhdGVkIHVubGVzcyB0aGUgbm8gc3RhdGUgDQo+IG9wdGlvbiBpcyBzcGVjaWZpZWQu
DQo+IA0KPiANCj4gV2h5IGRvZXMgdGhpcyBydWxlIGNyZWF0ZSBzdGF0ZXMgPyBBbSBJIG1p
c3JlYWRpbmcvbWlzdW5kZXJzdGFuZGluZyB0aGUgDQo+IHBhcnQgInN0YXRlIGlzIGNyZWF0
ZWQgdW5sZXNzIHRoZSBubyBzdGF0ZSBvcHRpb24gaXMgc3BlY2lmaWVkIiA/DQoNCkFueSBj
aGFuY2UgdGhlcmUncyBuYXQsIGJpbmF0IG9yIHJkciBpbnZvbHZlZD8gVXNhZ2Ugb2YgTkFU
IGZvcmNlcyANCnN0YXRlZnVsIHRyYWNraW5nLCBldmVuIGlmIHRoZSBwYXNzaW5nIHJ1bGUg
ZGVjbGFycyBzdGF0ZWxlc3MgdHJhY2tpbmcuDQoNCi0tIA0KfCBwb3pkcmF3aWFtIC8gcmVn
YXJkcyB8IFBvd2VyZWQgYnkgbWFjT1MsIERlYmlhbiBhbmQgRnJlZUJTRCB8DQp8IEthamV0
YW4gU3Rhc3praWV3aWN6IHwgIHd3dzogaHR0cDovL3ZlZ2V0YS50dXhwb3dlcmVkLm5ldCAg
IHwNCmAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tXi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tJw0KDQo=
--------------uhf6x4AnubkXCzeHJz2JH0qN--
--------------lU6F9dopQ6TjWEaPUmMqkHln
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEfSEIcxY9kDeZvSZsgKrXf6bzAFMFAmXoLPMFAwAAAAAACgkQgKrXf6bzAFPM
qA//btAFMBbmgzZh2iBPoa4gju5q3/O8aCQBbqJcBou9Ej9nNla4ogV82lnH40X/BIyfZzW+84ua
mnQVDF1enYFi7mf57KyqwsoedxzUtzTVb2nMwBL/+K+WRXKukNUpOwBscoqS4zEP5JWVQAPlqVGm
JxH4OO/kffiBof1/DeU/sF6xMWQgLVQUEHc1BDG5XDtuWyk+n2QK3C3vxxWlq8F/aezWXuuaeLmM
QrI90sq+CoHagPY3uuGy/CIJRcAZh/NypdrE3hyjcdlssGz85ov0Fz4PL3ujx/CGolzP+QAWB31v
jMGiAXkd67PEGJREng+OLHvyfRYt8VAZ1dzlJWJTBUkMey4BUcfc/PapEn1gj1GstGbcGiGxRjGZ
YHkhP+qnON3vKj+03u0mf0p61ppEpVWj46414J2u2pPo3I307IxIHs7yj73UIym5rL6TBUHGSfdW
JYiRIWy7GPHYeMF4KS8JM2X6huaUpSTJ/dbe7NFU1O024qw6z+LWun6R0Xi/iPTwN9/EssrIlrUO
URESv7y5FFKp/lHWp++i1CERGJ99GBYD+zJOMMvGaG/IFyfAVJ9MqXvD/QP3JlqhiW5H/VKO/m2m
fBG3ZOHlqItiDFTAST3FUIxD16A75PwjhkyuqQryr7VtmNSsmTPBGXKfQmy7yNo+zZJkcIUMRXXy
Ky8=
=lzVM
-----END PGP SIGNATURE-----
--------------lU6F9dopQ6TjWEaPUmMqkHln--