From nobody Tue Mar 5 08:11:13 2024
Date: Tue, 5 Mar 2024 13:11:13 +0500
From: "Eugene M. Zheganin"
To: freebsd-pf@freebsd.org
Subject: dumb question about "no state"
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf

Hello,

I hope the following is self-explanatory:

pfctl -vs rules:

[...]

pass quick proto tcp all flags A/A no state
  [ Evaluations: 1125881   Packets: 972814    Bytes: 421350757 States: 82    ]
  [ Inserted: uid 0 pid 28187 State Creations: 82    ]

man pf.conf:
     pass  The packet is passed; state is created unless the no state
           option is specified.

Why does this rule create states ? Am I misreading/misunderstanding the
part "state is created unless the no state option is specified" ?

Thanks.

Eugene.

From nobody Tue Mar 5 09:29:04 2024
Date: Tue, 5 Mar 2024 10:29:04 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Eugene M. Zheganin", freebsd-pf@freebsd.org
Subject: Re: dumb question about "no state"
Message-ID: <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>

On 05/03/2024 09:11, Eugene M. Zheganin wrote:
> Hello,
>
> I hope the following is self-explanatory:
>
>
> pfctl -vs rules:
>
> [...]
>
> pass quick proto tcp all flags A/A no state
>   [ Evaluations: 1125881   Packets: 972814    Bytes: 421350757 States: 82    ]
>   [ Inserted: uid 0 pid 28187 State Creations: 82    ]
>
> man pf.conf:
>      pass  The packet is passed; state is created unless the no state
> option is specified.
>
>
> Why does this rule create states ? Am I misreading/misunderstanding the
> part "state is created unless the no state option is specified" ?

Also from the man page, few lines after your citation:

By default pf(4) filters packets statefully; the first time a packet
matches a pass rule, a state entry is created; for subsequent packets
the filter checks whether the packet matches any state.

Kind regards
Miroslav Lachman

From nobody Tue Mar 5 10:30:19 2024
Date: Tue, 5 Mar 2024 15:30:19 +0500
From: "Eugene M. Zheganin"
To: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-pf@freebsd.org
Subject: Re: dumb question about "no state"
Message-ID: <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>
In-Reply-To: <88035aa9-bfd1-41f4-ba9a-08b2bc8441d1@quip.cz>

Hello,

On 05.03.2024 14:29, Miroslav Lachman wrote:
>
>> Why does this rule create states ? Am I misreading/misunderstanding
>> the part "state is created unless the no state option is specified" ?
>
> Also from the man page, few lines after your citation:
>
> By default pf(4) filters packets statefully; the first time a packet
> matches a pass rule, a state entry is created; for subsequent packets
> the filter checks whether the packet matches any state.
>
I'm failing to see how this can explain state creation by a rule that
clearly shouldn't create any states at all. Furthermore, states are
(usually) created by a packet with SYN flag, in case of TCP.

Eugene.

From nobody Tue Mar 5 11:55:42 2024
Date: Tue, 5 Mar 2024 12:55:42 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: "Eugene M. Zheganin", freebsd-pf@freebsd.org
Subject: Re: dumb question about "no state"
In-Reply-To: <3983e6ab-5760-408e-a3a8-b40c8eb24c1d@zhegan.in>

On 05/03/2024 11:30, Eugene M. Zheganin wrote:
> Hello,
>
> On 05.03.2024 14:29, Miroslav Lachman wrote:
>>
>>> Why does this rule create states ? Am I misreading/misunderstanding
>>> the part "state is created unless the no state option is specified" ?
>>
>> Also from the man page, few lines after your citation:
>>
>> By default pf(4) filters packets statefully; the first time a packet
>> matches a pass rule, a state entry is created; for subsequent packets
>> the filter checks whether the packet matches any state.
>>
> I'm failing to see how this can explain state creation by a rule that
> clearly shouldn't create any states at all. Furthermore, states are
> (usually) created by a packet with SYN flag, in case of TCP.

I am sorry, you are right. I missed the part of your message with 82
states. I have no explanation for that.

Kind regards
Miroslav Lachman

From nobody Wed Mar 6 08:44:35 2024
Date: Wed, 6 Mar 2024 09:44:35 +0100
From: Kajetan Staszkiewicz
To: "Eugene M. Zheganin", freebsd-pf@freebsd.org
Subject: Re: dumb question about "no state"

On 2024-03-05 09:11, Eugene M. Zheganin wrote:

> pass quick proto tcp all flags A/A no state
>   [ Evaluations: 1125881   Packets: 972814    Bytes: 421350757 States: 82    ]
>   [ Inserted: uid 0 pid 28187 State Creations: 82    ]
>
> man pf.conf:
>      pass  The packet is passed; state is created unless the no state
> option is specified.
>
>
> Why does this rule create states ? Am I misreading/misunderstanding the
> part "state is created unless the no state option is specified" ?

Any chance there's nat, binat or rdr involved? Usage of NAT forces
stateful tracking, even if the passing rule declares stateless tracking.

-- 
| pozdrawiam / regards | Powered by macOS, Debian and FreeBSD |
| Kajetan Staszkiewicz |  www: http://vegeta.tuxpowered.net   |
`----------------------^--------------------------------------'
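
An added example, not part of any message in this thread: a shell function that reads `pfctl -vs rules` output and lists every rule declared "no state" whose State Creations counter is nonzero, which is the condition reported in the first message. The sample input is constructed from the output quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit `pfctl -vs rules` output for
# rules that say "no state" but whose counters show states were created.

# find_stateful_nostate (hypothetical name)
# stdin : output of `pfctl -vs rules`
# stdout: "<state creations><TAB><rule text>" for each offending rule
find_stateful_nostate() {
    awk '
        # Counter lines are indented and start with "[".
        /^[ \t]*\[/ {
            if (rule != "" && match($0, /State Creations:[ \t]*[0-9]+/)) {
                n = substr($0, RSTART, RLENGTH)
                sub(/^State Creations:[ \t]*/, "", n)
                if (n + 0 > 0) printf "%d\t%s\n", n, rule
            }
            next
        }
        # Any other non-empty line is a rule. Remember it only when it
        # carries the "no state" option; otherwise clear the slot so the
        # counters that follow are ignored.
        NF {
            rule = (index(" " $0 " ", " no state ") > 0) ? $0 : ""
        }
    '
}

# Constructed sample input: the middle rule and its counters are the ones
# quoted in the thread; the other two rules are made up for contrast.
sample_rules() {
    cat <<'EOF'
pass in quick on em0 proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 1200      Packets: 340       Bytes: 51200       States: 3     ]
  [ Inserted: uid 0 pid 1234 State Creations: 17    ]
pass quick proto tcp all flags A/A no state
  [ Evaluations: 1125881   Packets: 972814    Bytes: 421350757   States: 82    ]
  [ Inserted: uid 0 pid 28187 State Creations: 82    ]
pass quick proto udp all no state
  [ Evaluations: 500       Packets: 120       Bytes: 9000        States: 0     ]
  [ Inserted: uid 0 pid 28187 State Creations: 0     ]
EOF
}

# Stand-alone run over the constructed sample.
sample_rules | find_stateful_nostate
```

On a live system, pipe `pfctl -vs rules` into the function and compare any hits against the translation rules listed by `pfctl -s nat`, following the question raised in the last reply.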