From nobody Fri Sep 6 12:49:32 2024 X-Original-To: standards@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X0bf51zN5z5Txxd for ; Fri, 06 Sep 2024 12:49:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X0bf50TQVz49fK for ; Fri, 6 Sep 2024 12:49:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725626973; a=rsa-sha256; cv=none; b=n6kb2vW6OKUABWab+Z8qWdFqJEsGDbQRumJlvXOLNsCSEYtQfJl6scoWWvmZkcrvkHRJ/J u1bWGCxIrAPFeZikIcO5MjtUUJZG7BQHdL+RKfBVmYQtIMd9ocAR1tjREOr/mD8D4QR9ic 9Ryj88PLkSgYnRnHK3vgmUPyzfbU7JJmDEywj1auTWeXDKfWyGOqEYpF52YTgo8OD1z/KS OLzTqiauLt5Iqa+vl5xLCUFhqYvFrL+O7cU9glBrbYx6dB4IQcPbn3BAP2404lkQyCmZDr DSVmvysTs7XjinK4xkXxV+tdZtGh/Z1tF3VirrGxTtqI21hyswyRGmkrZusxww== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725626973; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ktTvvWbWJcYKErSPoATRjzy4QNC/B7zFAwnvwm56DFg=; b=QgzCHyVI+x7fKudTR7OzrEigx66Mdxrz8CX11kj8ouD4fey1GJncCPTu9tyQYxw+krGLmQ m+SOOUtEm6aMusLD8sUqOEFeCf9TgMcpnx41BFSznCObAvFizgJf8IztdaoYKnnr/hPKjo 6D5tg8gMvio3b1MggqzeIrBCWWixxZyFCx1vWRt4sLxZZdkzGW71UW0qgcJtlgw4LJAS8o p9kbBWVuVIm9fjlAB8b1tmM0CY9ddqammM7exiLG4w1E7X7/WME2/h9qaw9CaQKOF4Cv2U UzObHaUG9YycEkIY50NCl+5lOdNPxrDhp27GbLE+I5XykAU6Tp80oND2y+9cCg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X0bf45KG2zsKj for ; Fri, 6 Sep 2024 12:49:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 486CnW5P056909 for ; Fri, 6 Sep 2024 12:49:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 486CnWuD056906 for standards@FreeBSD.org; Fri, 6 Sep 2024 12:49:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: standards@FreeBSD.org Subject: [Bug 219803] [patch] PF: implement RFC 4787 REQ 1 and 3 (full cone NAT) Date: Fri, 06 Sep 2024 12:49:32 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Standards compliance List-Archive: https://lists.freebsd.org/archives/freebsd-standards List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-standards@freebsd.org Sender: owner-freebsd-standards@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219803 --- Comment #17 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D390dc369efaaeca2802baf168ddbd7a40= e3afcc8 commit 390dc369efaaeca2802baf168ddbd7a40e3afcc8 Author: Tom Jones AuthorDate: 2024-09-06 11:59:09 +0000 Commit: Tom Jones CommitDate: 2024-09-06 12:48:04 +0000 pf: Add support for endpoint independent NAT bindings for UDP With Endpoint Independent NAT bindings for UDP flows from a NATed source address are always mapped to the same ip:port pair on the NAT router. This allows a client to connect to multiple external servers while appearing as the same host and enables NAT traversal without requiring the client to use a middlebox traversal protocol such as STUN or TURN. Introduce the 'endpoint-independent' option to NAT rules to allow configuration of endpoint independent without effecting existing deployments. This change satisfies REQ 1 and 3 of RFC 4787 also known as 'full cone' NAT. Using Endpoint Independent NAT changes NAT exhaustion behaviour it does not introduce any additional security considerations compared to other forms of NAT. PR: 219803 Co-authored-by: Damjan Jovanovic Co-authored-by: Naman Sood Reviewed-by: kp Sponsored-by: Tailscale Sponsored-by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D11137 sbin/pfctl/parse.y | 12 +- sbin/pfctl/pfctl_parser.c | 2 + sbin/pfctl/tests/files/pf1021.in (new) | 1 + sbin/pfctl/tests/files/pf1021.ok (new) | 1 + share/man/man4/pf.4 | 6 +- share/man/man5/pf.conf.5 | 12 +- sys/net/pfvar.h | 49 ++++++++- sys/netpfil/pf/pf.c | 195 +++++++++++++++++++++++++++++= +++- sys/netpfil/pf/pf.h | 1 + sys/netpfil/pf/pf_lb.c | 104 ++++++++++++++---- tests/sys/netpfil/pf/nat.sh | 134 ++++++++++++++++++++++ 11 files changed, 489 insertions(+), 28 deletions(-) --=20 You are receiving this mail because: You are on the CC list for the bug.= From nobody Sun Sep 8 21:00:04 2024 X-Original-To: standards@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X22R84D3Cz5W6cb for ; Sun, 08 Sep 2024 21:00:04 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X22R822rPz4Nmv for ; Sun, 8 Sep 2024 21:00:04 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1725829204; a=rsa-sha256; cv=none; b=EOMeNLWVCC5pRMA6+yTR6xcEA/jhsUgbUV930e9itVQ0TFtYuW6jyHA7EovZBQOLXNiGzl 3LLG8e8OrV39VYUgGtrwQtCekek0ICW28/u9n28OcTdI70EeSZa9oPVKsYpoVRltadxU9C p6Da/wsE9+nMxtaGV3nzUatJyAImr1thYR2B84lWnToOQelKKjCfq27hO0YdaMRijSrHyO GYv1O6/rz4Y6gHBrLGhzQOXDhdY9mIUMQQxviIlk03fVpCGHlH5K7h9KixmcZlYSBBLXzD gzpO0zBnCaTT7DUupLOC1o5ffkOlQiy10ccSTqUU9Our5McHu7IppD5kuTCJqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1725829204; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tXcz8hKJuIqlQSbGmPWLrSAm95ioX7qy3w5aQIXTt7M=; b=jn3Szr6vTjTgaEhLW4eFCxSVh8O2VGj8XT4H0EEQd0p5Pa8iEB22HKQ+aBcVqS0+WcErFX lR6yi6+RvbZmHBLxs4Pdqck7vWatDc2EjXDMVHlOBdxZsi8xKyN6gghKS1r0ERuO6dog6e aHnGSbG143BQI8UDeoTOjbCA4WDMoJIy2BLTsX+0eSyAqE9lE3D7pcveLsEym7Gh069lb+ mW2N4jPqgILjJcjKw57ixZ3FTlRhTLdN+UrgMdDVJGsKO1VF7gU11y4uM5z1dv7GQIj56r 5p0z+j0uTdlP2CtY4c5ui3P4bwUUa0UwbE4sRAVaR9EGtTesAXe/VTARj5mong== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X22R81fwVzZmS for ; Sun, 8 Sep 2024 21:00:04 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 488L049p067680 for ; Sun, 8 Sep 2024 21:00:04 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 488L04bD067673 for standards@FreeBSD.org; Sun, 8 Sep 2024 21:00:04 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <202409082100.488L04bD067673@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: standards@FreeBSD.org Subject: Problem reports for standards@FreeBSD.org that need special attention Date: Sun, 8 Sep 2024 21:00:04 +0000 List-Id: Standards compliance List-Archive: https://lists.freebsd.org/archives/freebsd-standards List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-standards@freebsd.org Sender: owner-freebsd-standards@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="17258292040.6Df4A7e6e.65988" Content-Transfer-Encoding: 7bit --17258292040.6Df4A7e6e.65988 Date: Sun, 8 Sep 2024 21:00:04 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 46441 | sh(1): Does not support PS1, PS2, PS4 parameter e 1 problems total for which you should take action. --17258292040.6Df4A7e6e.65988 Date: Sun, 8 Sep 2024 21:00:04 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8" 
The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
Open        |     46441 | sh(1): Does not support PS1, PS2, PS4 parameter e

1 problems total for which you should take action.
--17258292040.6Df4A7e6e.65988--