From nobody Sat Nov 18 18:00:23 2023
Date: Sat, 18 Nov 2023 19:00:23 +0100
Message-ID: <87msvbgcw8.wl-herbert@gojira.at>
From: "Herbert J. Skuhra"
To: freebsd-pf@freebsd.org
Subject: Re: pf is broken in stable/14-n265566-4533fa42ad91 arm64
List-Id: Technical discussion and general questions about packet filter (pf)
List-Archive: https://lists.freebsd.org/archives/freebsd-pf

On Sat, 18 Nov 2023 16:30:09 +0100, void wrote:
>
> Hi, [originally sent to freebsd-stable but on second thoughts, this should have
> gone here]
>
> This context [1] was on stable/14-n265566 where pf worked fine. Source upgrade
> yesterday to stable/14-n265566 and pf is now broken.

???

$ git diff --shortstat 4533fa42ad91
 562 files changed, 8663 insertions(+), 3659 deletions(-)

> # service pf status
> /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist.
> Abort trap (core dumped)
>
> To try and debug, I disabled all pf-related things in rc.conf and loader.conf, and tried to
> load things manually then apply a very basic pf config file /etc/pf.basic
>
> # kldload pf
> #
> # pfctl -nvf /etc/pf.basic
> ext_if = "genet0"
> block drop in all
> pass in on genet0 proto tcp from any to any port = ssh flags S/SA keep state
> pass out all flags S/SA keep state
>
> # pfctl -evf /etc/pf.basic
> No ALTQ support in kernel
> ALTQ related functions disabled
> ext_if = "genet0"
> pfctl: DIOCADDRULENV: Argument list too long
>
> When the problem was first identified, this appeared at the console on bootup:
>
> ###
> Nov 13 12:18:05 redacted kernel: Enabling pfpfctl: DIOCADDRULENV: Argument list too long
> Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Unable to load /etc/pf.conf.
> Nov 13 12:18:05 redacted kernel: /etc/rc: WARNING: Loading fallback rules: block drop log all
> Nov 13 12:18:05 redacted kernel: pfctl: DIOCADDRULENV: Argument list too long
> Nov 13 12:18:05 redacted kernel: /usr/src/sys/contrib/libnv/nvlist.c:379: Element 'halfopen_states' of type NUMBER doesn't exist.
> Nov 13 12:18:05 redacted kernel: Abort trap (core dumped)
> Nov 13 12:18:05 redacted kernel: .
>
> Note the pfpfctl above

Can you try a newer revision? I think this is already fixed.
PF works fine on my Raspberry Pi 4 Model B Rev 1.2 4GB
(stable/14-n265749-51a024c42c4).
-- 
Herbert

From nobody Sun Nov 19 02:50:26 2023
Date: Sun, 19 Nov 2023 02:50:26 +0000
From: void
To: freebsd-pf@freebsd.org
Subject: Re: pf is broken in stable/14-n265566-4533fa42ad91 arm64
In-Reply-To: <87msvbgcw8.wl-herbert@gojira.at>

On Sat, Nov 18, 2023 at 07:00:23PM +0100, Herbert J. Skuhra wrote:
>
>$ git diff --shortstat 4533fa42ad91
> 562 files changed, 8663 insertions(+), 3659 deletions(-)
>
>Can you try a newer revision? I think this is already fixed.
>PF works fine on my Raspberry Pi 4 Model B Rev 1.2 4GB
>(stable/14-n265749-51a024c42c4).

Thanks, error is gone in stable/14-n265749-51a024c42c46
-- 

From nobody Mon Nov 20 13:05:30 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 274850] Packets are disappearing when both PF "divert-to" and "Dnpipe" rules are activated simultaneously
Date: Mon, 20 Nov 2023 13:05:30 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.0-RELEASE
X-Bugzilla-Status: In Progress
X-Bugzilla-Who: commit-hook@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274850

--- Comment #5 from commit-hook@FreeBSD.org ---
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f831517d862dac2df3110c569b44e8417c3f0afa

commit f831517d862dac2df3110c569b44e8417c3f0afa
Author:     Igor Ostapenko
AuthorDate: 2023-11-17 16:04:01 +0000
Commit:     Kristof Provost
CommitDate: 2023-11-20 10:30:19 +0000

    pf: fix dummynet + ipdivert use case

    Dummynet re-injects an mbuf with MTAG_IPFW_RULE added, and the same mtag
    is used by divert(4) as parameters for packet diversion.

    If according to pf rule set a packet should go through dummynet first
    and through ipdivert after then mentioned mtag must be removed after
    dummynet not to make ipdivert think that this is its input parameters.

    At the very beginning ipfw consumes this mtag what means the same
    behavior with tag clearing after dummynet.

    And after fabf705f4b5a pf passes parameters to ipdivert using its
    personal MTAG_PF_DIVERT mtag.

    PR:             274850
    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D42609

    (cherry picked from commit fe3bb40b9e807d4010617de1ef040ba3aa623487)

 sys/netpfil/pf/pf.c               |  27 +++++++--
 tests/sys/netpfil/pf/divert-to.sh | 118 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 139 insertions(+), 6 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.

From nobody Wed Nov 22 11:16:28 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 265649] [pf]: regression: PF ignores translation settings on gre(4)
Date: Wed, 22 Nov 2023 11:16:28 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Status: Open
X-Bugzilla-Who: eugene@zhegan.in

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265649

--- Comment #6 from Eugene M. Zheganin ---
Doesn't make a difference for gre(4): translation does not happen. Furthermore,
I can say that gif(4) is also affected.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From nobody Thu Nov 23 13:31:00 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 275280] PF `route-to` and `dnpipe` are not works on the same rule
Date: Thu, 23 Nov 2023 13:31:00 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.0-RELEASE
X-Bugzilla-Status: New
X-Bugzilla-Who: burak.sn@outlook.com

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275280

            Bug ID: 275280
           Summary: PF `route-to` and `dnpipe` are not works on the same rule
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: burak.sn@outlook.com
                CC: pf@FreeBSD.org

Hi,

I am trying to implement IP-based speed limiting on PF using the `route-to` and
`dnpipe` options simultaneously within a single PF rule.

igc0(WAN2) ---- ip: 192.168.11.240/24 gw: 192.168.11.1
(default gw)pppoe_igc1(WAN1) ---- 88.88.88.88/32 --> 100.64.255.2
igc3(LAN) ---- ip: 192.168.1.1/24

When I didn't use `route-to`, the traffic passed through the default gateway,
and speed limiting worked successfully.

pass in log quick on igc3 inet from 192.168.1.236 to any flags S/SA keep state label "user_rule_98" ridentifier 98 dnpipe(1006, 6)

However, when I applied both route-to and dnpipe options, the traffic was
recognized by PF as coming from WAN2 (igc0), as shown in the tcpdump logs
below, and the traffic didn't pass through WAN2. WAN2 was forced to pass
through WAN1 by route-to.

pass in log quick on igc3 route-to (igc0 192.168.11.1) inet from 192.168.1.236 to any flags S/SA keep state label "user_rule_99" ridentifier 99 dnpipe(1006, 6)

Thanks in advance.

# tcpdump -i pppoe_igc1 icmp and host 8.8.8.8 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pppoe_igc1, link-type NULL (BSD loopback), snapshot length 262144 bytes
15:52:28.652269 IP 192.168.11.240 > 8.8.8.8: ICMP echo request, id 50880, seq 102, length 64
15:52:29.654263 IP 192.168.11.240 > 8.8.8.8: ICMP echo request, id 50880, seq 103, length 64
15:52:30.658265 IP 192.168.11.240 > 8.8.8.8: ICMP echo request, id 50880, seq 104, length 64

##dnpipe limiters##
# dnctl pipe 6 show
00006: 10.000 Mbit/s 0 ms burst 0
q131078 50 sl. 0 flows (1 buckets) sched 65542 weight 0 lmax 0 pri 0 droptail
 sched 65542 type FIFO flags 0x1 64 buckets 0 active
    mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000

# dnctl pipe 1006 show
01006: 512.000 Kbit/s 0 ms burst 0
q132078 50 sl. 0 flows (1 buckets) sched 66542 weight 0 lmax 0 pri 0 droptail
 sched 66542 type FIFO flags 0x1 64 buckets 0 active
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From nobody Thu Nov 23 16:44:19 2023
From: bugzilla-noreply@freebsd.org
To: pf@FreeBSD.org
Subject: [Bug 275280] PF `route-to` and `dnpipe` are not works on the same rule
Date: Thu, 23 Nov 2023 16:44:19 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 14.0-RELEASE
X-Bugzilla-Status: New
X-Bugzilla-Who: linimon@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275280

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |pf@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.