From owner-freebsd-pf@FreeBSD.ORG  Sun Mar 22 00:48:57 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C869027F
 for <freebsd-pf@freebsd.org>; Sun, 22 Mar 2015 00:48:57 +0000 (UTC)
Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits))
 (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 85EA216A
 for <freebsd-pf@freebsd.org>; Sun, 22 Mar 2015 00:48:57 +0000 (UTC)
Received: from [10.248.64.94] (unknown [210.160.37.27])
 by venus.codepro.be (Postfix) with ESMTPSA id 3CEECB706;
 Sun, 22 Mar 2015 01:48:51 +0100 (CET)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2090\))
Subject: Re: PF IPv6 fragments handling
From: Kristof Provost <kristof@sigsegv.be>
In-Reply-To: <550DEC94.4040805@bluerosetech.com>
Date: Sun, 22 Mar 2015 09:48:46 +0900
Content-Transfer-Encoding: quoted-printable
Message-Id: <7EA47C5D-E783-408B-8A70-9F02F5348839@sigsegv.be>
References: <20150203202519.GD2167@vega.codepro.be>
 <20150209232416.GB37777@vega.codepro.be>
 <20150314020500.GW1975@vega.codepro.be> <5506DFFB.7050302@FreeBSD.org>
 <20150317011507.GC2036@vega.codepro.be> <550DEC94.4040805@bluerosetech.com>
To: list_freebsd@bluerosetech.com
X-Mailer: Apple Mail (2.2090)
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2015 00:48:57 -0000


> On 22 Mar 2015, at 07:11, list_freebsd@bluerosetech.com wrote:
>=20
> On 2015-03-16 18:15, Kristof Provost wrote:
>> On 2015-03-16 09:51:55 (-0400), Eric van Gyzen <vangyzen@FreeBSD.org> =
wrote:
>>> Here is a brainstorm that might give the best of both:  Return the
>>> reassembled packet from PFIL_IN, but with the original fragment =
chain
>>> stashed in metadata.  Most of the stack operates on the single,
>>> reassembled packet.  ip6_output() sends the original fragment chain.
>>> Sure, it uses more memory, but reduced CPU time might be worth it.
>>>=20
>> It's an interesting idea. There are a number of advantages (like not
>> modifying the fragment ID or the sizes of each packet).
>>=20
>> It won't reduce CPU usage though because we'd have to copy the packet
>> which is something we don't do at the moment.
>=20
> Why would you need to copy the packet in order to store a list of =
fragment IDs and offsets?
>=20
That=E2=80=99s how I read Eric=E2=80=99s suggestion. We could indeed =
limit ourselves to storing just the fragment IDs and offsets. That=E2=80=99=
d be an improvement over copying the packet.

> You need that information anyway for refragmentation because an IPv6 =
router is not supposed to fragments.  I'd interpret that to mean the =
fragmentation pattern coming out of pf should match what went in.  A =
later hop wouldn't be able to send back a meaningful PTB message =
otherwise.
>=20
Agreed. We actually already do it mostly that way. It=E2=80=99s just =
that we only store the size of the largest fragment. That=E2=80=99s not =
quite as good as storing all fragment sizes, but it does mean we don=E2=80=
=99t break Path MTU.

I=E2=80=99ll see if I can take a stab at doing things that way, so we =
can see if that=E2=80=99s an improvement over my current proposal (i.e. =
delay the size check until after the pfil hook in ip6_output()).

Regards,
Kristof


From owner-freebsd-pf@FreeBSD.ORG  Tue Mar 24 10:34:01 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EFFACB2B
 for <freebsd-pf@freebsd.org>; Tue, 24 Mar 2015 10:34:01 +0000 (UTC)
Received: from swatch.464695.com (swatch.464695.com [104.148.9.119])
 by mx1.freebsd.org (Postfix) with ESMTP id 9CD20F74
 for <freebsd-pf@freebsd.org>; Tue, 24 Mar 2015 10:34:01 +0000 (UTC)
To: freebsd-pf@freebsd.org
Subject: Are you interested in photo retouching?
Message-ID: <73c51ba38f7a3466097b5c215befc776@lowes.com>
Date: Tue, 24 Mar 2015 08:35:34 +0100
From: "Harry" <xuegao@mail.com>
Reply-To: dinglingcon@sina.com
MIME-Version: 1.0
X-Mailer-LID: 5
X-Mailer-RecptId: 6480528
X-Mailer-SID: 171
X-Mailer-Sent-By: 1
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2015 10:34:02 -0000

How are you? Are you interested in photo retouching or other photo editing
solutions?

We specialize in providing below photo retouching services:
Photoshop photos editing/retouching
Jewelry photos retouching
Ecommerce products photo editing
Photo cutting out/clipping path
Beauty/skin retouching,
Wedding photo editing and photo background manipulation.

You can send us a photo for free testing and check our quality
Waiting for your soonest response.

Best regards,
Harry
Email: markedit@tom.com


From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 25 02:09:02 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id AF5D5F4F
 for <freebsd-pf@FreeBSD.org>; Wed, 25 Mar 2015 02:09:02 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 95F2DE0D
 for <freebsd-pf@FreeBSD.org>; Wed, 25 Mar 2015 02:09:02 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t2P292D7023997
 for <freebsd-pf@FreeBSD.org>; Wed, 25 Mar 2015 02:09:02 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 198868] pf brakes tcp checksum if enabled for ue adapter
Date: Wed, 25 Mar 2015 02:09:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.1-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: linimon@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to
Message-ID: <bug-198868-17777-oJW2UkugJF@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-198868-17777@https.bugs.freebsd.org/bugzilla/>
References: <bug-198868-17777@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 02:09:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198868

Mark Linimon <linimon@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-pf@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 26 01:29:02 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1AA4C7EF
 for <freebsd-pf@FreeBSD.org>; Thu, 26 Mar 2015 01:29:02 +0000 (UTC)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 00458E6
 for <freebsd-pf@FreeBSD.org>; Thu, 26 Mar 2015 01:29:02 +0000 (UTC)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t2Q1T1aQ016973
 for <freebsd-pf@FreeBSD.org>; Thu, 26 Mar 2015 01:29:01 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 193568] PF rdr rule with ipv6 does not work
Date: Thu, 26 Mar 2015 01:29:01 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.3-RELEASE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: j.david.lists@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-193568-17777-B8iJLjDrJX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-193568-17777@https.bugs.freebsd.org/bugzilla/>
References: <bug-193568-17777@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 01:29:02 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193568

j.david.lists@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |j.david.lists@gmail.com

--- Comment #1 from j.david.lists@gmail.com ---
This is a duplicate of 179392.

FreeBSD 9 + PF + IPv6 has been hopelessly broken for years and nobody cares.  A
fix for this particular issue was eventually developed, but is currently not
available available in any released version.

To resolve this issue, your choices are to downgrade to 8.4 or upgrade to
10-STABLE.  The fix should be in 10.2 in late 2015 / early 2016.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 26 15:33:27 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 2321A858
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 15:33:27 +0000 (UTC)
Received: from phabric-backend.isc.freebsd.org
 (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id F3CC7AC3
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 15:33:26 +0000 (UTC)
Received: from phabric-backend.isc.freebsd.org
 (phabric-backend.isc.freebsd.org [127.0.1.5])
 by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id
 t2QFXQbN058570
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 15:33:26 GMT
 (envelope-from root@phabric-backend.isc.freebsd.org)
Received: (from root@localhost)
 by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t2QFXQJk058569;
 Thu, 26 Mar 2015 15:33:26 GMT (envelope-from root)
Date: Thu, 26 Mar 2015 15:33:26 +0000
To: freebsd-pf@freebsd.org
From: "rodrigc (Craig Rodrigues)" <phabric-noreply@FreeBSD.org>
Subject: [Differential] [Updated] D1944: PF and VIMAGE fixes
Message-ID: <b451fd50c29b9950bd67552c51e86dcb@localhost.localdomain>
X-Priority: 3
Thread-Topic: D1944: PF and VIMAGE fixes
X-Herald-Rules: none
X-Phabricator-To: <PHID-USER-cc3fb6vejhnh7xhqtpkr>
X-Phabricator-To: <PHID-USER-sfbxp2cksgub2ywlvupr>
X-Phabricator-To: <PHID-USER-ug3kdqciycpghwfscl6v>
X-Phabricator-To: <PHID-USER-wsgmn2xibp2yi52xz6fn>
X-Phabricator-To: <PHID-USER-d4twv4w2hsoq7prc6boa>
X-Phabricator-To: <PHID-USER-ogl2udicsobdviqdulu3>
X-Phabricator-To: <PHID-USER-2q5asccazp7ohcpzdm6o>
X-Phabricator-To: <PHID-USER-ejqqvwsrqxen3vd3xete>
X-Phabricator-Cc: <PHID-MLST-crbi54kg7ihel5ezzzmu>
X-Phabricator-Cc: <PHID-MLST-5lcr2rqsbmuavxbsw4mm>
X-Phabricator-Cc: <PHID-MLST-c3bj6mfydtlqmuethodc>
In-Reply-To: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org>
References: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org>
Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFUUJsY=
X-Phabricator-Sent-This-Message: Yes
X-Mail-Transport-Agent: MetaMTA
X-Auto-Response-Suppress: All
X-Phabricator-Mail-Tags: <differential-reviewers>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 15:33:27 -0000

rodrigc added a reviewer: kristof.

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, gnn, bz, zec, trociny, glebius, rodrigc, kristof
Cc: freebsd-virtualization, freebsd-pf, freebsd-net

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 26 21:24:34 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C796CCEF
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 21:24:34 +0000 (UTC)
Received: from phabric-backend.isc.freebsd.org
 (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A3F38C61
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 21:24:34 +0000 (UTC)
Received: from phabric-backend.isc.freebsd.org
 (phabric-backend.isc.freebsd.org [127.0.1.5])
 by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id
 t2QLOYAF054587
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 21:24:34 GMT
 (envelope-from root@phabric-backend.isc.freebsd.org)
Received: (from root@localhost)
 by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t2QLOYcP054585;
 Thu, 26 Mar 2015 21:24:34 GMT (envelope-from root)
Date: Thu, 26 Mar 2015 21:24:34 +0000
To: freebsd-pf@freebsd.org
From: "kristof (Kristof Provost)" <phabric-noreply@FreeBSD.org>
Subject: [Differential] [Commented On] D1944: PF and VIMAGE fixes
Message-ID: <226eb16e55155e86f5e53ae2f8d94159@localhost.localdomain>
X-Priority: 3
Thread-Topic: D1944: PF and VIMAGE fixes
X-Herald-Rules: none
X-Phabricator-To: <PHID-USER-cc3fb6vejhnh7xhqtpkr>
X-Phabricator-To: <PHID-USER-sfbxp2cksgub2ywlvupr>
X-Phabricator-To: <PHID-USER-ug3kdqciycpghwfscl6v>
X-Phabricator-To: <PHID-USER-wsgmn2xibp2yi52xz6fn>
X-Phabricator-To: <PHID-USER-d4twv4w2hsoq7prc6boa>
X-Phabricator-To: <PHID-USER-ogl2udicsobdviqdulu3>
X-Phabricator-To: <PHID-USER-2q5asccazp7ohcpzdm6o>
X-Phabricator-To: <PHID-USER-ejqqvwsrqxen3vd3xete>
X-Phabricator-Cc: <PHID-MLST-crbi54kg7ihel5ezzzmu>
X-Phabricator-Cc: <PHID-MLST-5lcr2rqsbmuavxbsw4mm>
X-Phabricator-Cc: <PHID-MLST-c3bj6mfydtlqmuethodc>
In-Reply-To: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org>
References: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org>
Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFUUeRI=
X-Phabricator-Sent-This-Message: Yes
X-Mail-Transport-Agent: MetaMTA
X-Auto-Response-Suppress: All
X-Phabricator-Mail-Tags: <differential-comment>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 21:24:34 -0000

kristof added inline comments.

INLINE COMMENTS
  sys/netpfil/pf/pf_ioctl.c:325 It's not clear to me why this is done here, rather than in pf_unload(). The initialisation is done in pf_load() after all.
  sys/netpfil/pf/pf_ioctl.c:3725 Don't we still need to do all of this somewhere?

REVISION DETAIL
  https://reviews.freebsd.org/D1944

To: nvass-gmx.com, gnn, bz, zec, trociny, glebius, rodrigc, kristof
Cc: freebsd-virtualization, freebsd-pf, freebsd-net

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 26 23:34:40 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id D1351C0E
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 23:34:40 +0000 (UTC)
Received: from us.royaserver.com (unknown [162.223.94.228])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9FCE5C56
 for <freebsd-pf@freebsd.org>; Thu, 26 Mar 2015 23:34:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=pahlevanzadeh.org; s=default; 
 h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:From:Date:Message-ID;
 bh=UmTFBkS5bubJLaDI9+0iLpnSXKKrtZiVjvgKO+ygMSc=; 
 b=FfYo4ahpg4NRdHhMmjWAmcyLP/WPRBy2+fghxqHiaClEcTZFwsAH6of7lTVpZhQHLDCLSKA5kgZPL9mL6xJ53wtG/N8WXDBCdWB+YHjHRZAfQI6bIuzqMGDWiv1VmS2OgrBu+jg4yNyrPenQQz9mt8b6ReIKxSZILzuF7rFjW/o=;
Received: from [91.98.215.76] (port=58214 helo=[192.168.1.4])
 by us.royaserver.com with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128)
 (Exim 4.85) (envelope-from <mohsen@pahlevanzadeh.org>)
 id 1YbGKy-002MHQ-On
 for freebsd-pf@freebsd.org; Fri, 27 Mar 2015 03:03:17 +0430
Message-ID: <55147B0D.60506@pahlevanzadeh.org>
Date: Fri, 27 Mar 2015 02:03:01 +0430
From: Mohsen Pahlevanzadeh <mohsen@pahlevanzadeh.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Icedove/31.5.0
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
Subject: ip_conntarck in FreeBSD
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - us.royaserver.com
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - pahlevanzadeh.org
X-Get-Message-Sender-Via: us.royaserver.com: authenticated_id:
 mohsen@pahlevanzadeh.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 23:34:40 -0000

Dear All,

I need to equivalen of ip_conntarck of netfilter in FreeBSD, Specially, 
maximum connections.
Specially two variable net.ipv4.netfilter.ip_conntrack_count and 
net.ipv4.netfilter.ip_conntrack_max

--Regards
Mohsen

From owner-freebsd-pf@FreeBSD.ORG  Fri Mar 27 08:17:41 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id C708CF86
 for <freebsd-pf@freebsd.org>; Fri, 27 Mar 2015 08:17:41 +0000 (UTC)
Received: from ns1.ogris.net (ns1.ogris.net [IPv6:2a00:1348::17:0:0:1])
 by mx1.freebsd.org (Postfix) with ESMTP id 89F4D7AA
 for <freebsd-pf@freebsd.org>; Fri, 27 Mar 2015 08:17:41 +0000 (UTC)
Received: from [81.89.251.80] (fjo-mbp.dts.de [81.89.251.80])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by ns1.ogris.net (Postfix) with ESMTPSA id F084C2C1775;
 Fri, 27 Mar 2015 09:17:31 +0100 (CET)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Subject: Re: ip_conntarck in FreeBSD
From: "Felix J. Ogris" <fjo-lists@ogris.de>
In-Reply-To: <55147B0D.60506@pahlevanzadeh.org>
Date: Fri, 27 Mar 2015 09:17:29 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <02332EEA-6695-497E-AB5C-E6D135BAF589@ogris.de>
References: <55147B0D.60506@pahlevanzadeh.org>
To: Mohsen Pahlevanzadeh <mohsen@pahlevanzadeh.org>
X-Mailer: Apple Mail (2.2070.6)
Cc: freebsd-pf@freebsd.org
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 08:17:41 -0000


> On 26 Mar 2015, at 22:33, Mohsen Pahlevanzadeh =
<mohsen@pahlevanzadeh.org> wrote:
>=20
> Dear All,
>=20
> I need to equivalen of ip_conntarck of netfilter in FreeBSD, =
Specially, maximum connections.
> Specially two variable net.ipv4.netfilter.ip_conntrack_count and =
net.ipv4.netfilter.ip_conntrack_max

Hi,

pfctl -si | grep current
pfctl -sm | grep states    =20

or with bsnmpd running and snmp_pf.so loaded:

snmpget enterprises.12325.1.200.1.3.1
snmpget enterprises.12325.1.200.1.5.1

br,
Felix

> --Regards
> Mohsen
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"


From owner-freebsd-pf@FreeBSD.ORG  Fri Mar 27 18:02:10 2015
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 3CC8F737
 for <freebsd-pf@freebsd.org>; Fri, 27 Mar 2015 18:02:10 +0000 (UTC)
Received: from cdc.co.cu (Webserver.cdc.co.cu [200.55.187.11])
 (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 20431D01
 for <freebsd-pf@freebsd.org>; Fri, 27 Mar 2015 18:02:04 +0000 (UTC)
Received: from [10.10.4.76] by cdc.co.cu (Cipher TLSv1:-SHA:128) (MDaemon PRO
 v13.0.4) with ESMTP id md50000382763.msg
 for <freebsd-pf@freebsd.org>; Fri, 27 Mar 2015 13:59:24 -0400
X-Spam-Processed: cdc.co.cu, Fri, 27 Mar 2015 13:59:24 -0400
 (not processed: message from trusted or authenticated source)
X-Authenticated-Sender: roldanlemus@cdc.co.cu
X-MDRemoteIP: 10.10.4.76
X-Return-Path: prvs=152802782b=roldanlemus@cdc.co.cu
X-Envelope-From: roldanlemus@cdc.co.cu
X-MDaemon-Deliver-To: freebsd-pf@freebsd.org
Message-ID: <1427479157.26039.6.camel@overmind.drydock.local>
Subject: Re: freebsd-pf Digest, Vol 456, Issue 4
From: =?ISO-8859-1?Q?Rold=E1n?= Lemus =?ISO-8859-1?Q?Garc=EDa?=
 <roldanlemus@cdc.co.cu>
To: freebsd-pf@freebsd.org
Date: Fri, 27 Mar 2015 13:59:17 -0400
In-Reply-To: <mailman.93.1427457602.54901.freebsd-pf@freebsd.org>
References: <mailman.93.1427457602.54901.freebsd-pf@freebsd.org>
Content-Type: text/plain
X-Mailer: Evolution 3.4.4-3 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 18:02:10 -0000

new