From owner-freebsd-pf@FreeBSD.ORG Mon Nov 9 11:07:00 2009 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C01A10656A6 for ; Mon, 9 Nov 2009 11:07:00 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E4D1E8FC0C for ; Mon, 9 Nov 2009 11:06:59 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nA9B6xsQ079077 for ; Mon, 9 Nov 2009 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nA9B6xj2079075 for freebsd-pf@FreeBSD.org; Mon, 9 Nov 2009 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 9 Nov 2009 11:06:59 GMT Message-Id: <200911091106.nA9B6xj2079075@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Nov 2009 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/121704 pf [pf] PF mangles loopback packets o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 36 problems total. From owner-freebsd-pf@FreeBSD.ORG Thu Nov 12 22:32:09 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D3207106566B; Thu, 12 Nov 2009 22:32:09 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A9C838FC15; Thu, 12 Nov 2009 22:32:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nACMW94U014287; Thu, 12 Nov 2009 22:32:09 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nACMW9Fu014283; Thu, 12 Nov 2009 22:32:09 GMT (envelope-from linimon) Date: Thu, 12 Nov 2009 22:32:09 GMT Message-Id: <200911122232.nACMW9Fu014283@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/140512: [pf] pf doesn't block udp packets on multicast addresses X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Nov 2009 22:32:09 -0000 Old Synopsis: pf doesn't block udp packets on multicast addresses New Synopsis: [pf] pf doesn't block udp packets on multicast addresses Responsible-Changed-From-To: freebsd-bugs->freebsd-pf Responsible-Changed-By: linimon Responsible-Changed-When: Thu Nov 12 22:31:46 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=140512 From owner-freebsd-pf@FreeBSD.ORG Thu Nov 12 22:49:29 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7DE941065670 for ; Thu, 12 Nov 2009 22:49:29 +0000 (UTC) (envelope-from cbuechler@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by mx1.freebsd.org (Postfix) with ESMTP id 1292F8FC1A for ; Thu, 12 Nov 2009 22:49:28 +0000 (UTC) Received: by fg-out-1718.google.com with SMTP id e12so2061708fga.13 for ; Thu, 12 Nov 2009 14:49:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type; bh=AOOlkkJ05/rLVMhzi3YmZ6fCa4tEGk6M7Tk+KUW3y9s=; b=BLhoMfEK07zyVc6rzmjThNarRxHgC1s0+LObprupsa8ZAV6NlshXc+tSk4l8sN7zM+ 1jb/6bvGMjjqecCXOdpEy6dm5sq6qALzrtkRMhce2aUmKWdjQUM4/2ZncqVp9D+a40aO 3bVJq7MilBS5DVY/DZUKeO46Y9SobYyqI/exA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; b=U2fN96lf2u5EXaA/EPgLaTtHHE9iKtZbz1Mt9dGf6hDXN0d9lcm4wgFmEPy7vj4di9 T4Cl7SO8dVOOkURm17m2dehmjQs8nSgJqV5AAK+50bcAZ2hs8xOi1sDwfOU2iky4QiIj tNLu+cPmE4B5U6oovgxayUsJACsTz/vBhkNkc= MIME-Version: 1.0 Sender: cbuechler@gmail.com Received: by 10.239.153.203 with SMTP id a11mr388542hbc.119.1258066167753; Thu, 12 Nov 2009 14:49:27 -0800 (PST) In-Reply-To: <200911122232.nACMW9Fu014283@freefall.freebsd.org> References: <200911122232.nACMW9Fu014283@freefall.freebsd.org> Date: Thu, 12 Nov 2009 17:49:27 -0500 X-Google-Sender-Auth: f2f05801d8b5a8f7 Message-ID: From: Chris Buechler To: freebsd-bugs@freebsd.org, freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Cc: Subject: Re: kern/140512: [pf] pf doesn't block udp packets on multicast addresses X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Nov 2009 22:49:29 -0000 On Thu, Nov 12, 2009 at 5:32 PM, wrote: > Old Synopsis: pf doesn't block udp packets on multicast addresses > New Synopsis: [pf] pf doesn't block udp packets on multicast addresses > This isn't a legit PR, tcpdump shows traffic before it's evaluated by the ruleset. From owner-freebsd-pf@FreeBSD.ORG Fri Nov 13 08:21:54 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3BC57106568D; Fri, 13 Nov 2009 08:21:54 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1480B8FC1B; Fri, 13 Nov 2009 08:21:54 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nAD8Lr8j056318; Fri, 13 Nov 2009 08:21:53 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nAD8LrxE056310; Fri, 13 Nov 2009 08:21:53 GMT (envelope-from remko) Date: Fri, 13 Nov 2009 08:21:53 GMT Message-Id: <200911130821.nAD8LrxE056310@freefall.freebsd.org> To: sdalu@sdalu.com, remko@FreeBSD.org, freebsd-pf@FreeBSD.org From: remko@FreeBSD.org Cc: Subject: Re: kern/140512: [pf] pf doesn't block udp packets on multicast addresses X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Nov 2009 08:21:54 -0000 Synopsis: [pf] pf doesn't block udp packets on multicast addresses State-Changed-From-To: open->closed State-Changed-By: remko State-Changed-When: Fri Nov 13 08:21:53 UTC 2009 State-Changed-Why: Traffic is being shown before hitting the firewall rule. (Chris Buechler) http://www.freebsd.org/cgi/query-pr.cgi?pr=140512