Date: Thu, 29 Apr 2021 17:18:59 +0200
From: "Kristof Provost" <kp@FreeBSD.org>
To: "Shawn Webb" <shawn.webb@hardenedbsd.org>
Cc: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: e86bddea9fe6 - main - pf: Split pf_rule into kernel and user space versions
Message-ID: <3FE30BC8-EA8D-40E9-9D51-2906A6561B50@FreeBSD.org>
In-Reply-To: <20210429151414.iao5i7hjmmztfos6@mutt-hbsd>
References: <202101052237.105MbsJW081542@gitrepo.freebsd.org> <20210429151414.iao5i7hjmmztfos6@mutt-hbsd>

On 29 Apr 2021, at 17:14, Shawn Webb wrote:
> On Tue, Jan 05, 2021 at 10:37:54PM +0000, Kristof Provost wrote:
>> The branch main has been updated by kp:
>>
>> URL:
>> https://cgit.FreeBSD.org/src/commit/?id=e86bddea9fe62d5093a1942cf21950b3c5ca62e5
>>
>> commit e86bddea9fe62d5093a1942cf21950b3c5ca62e5
>> Author: Kristof Provost <kp@FreeBSD.org>
>> AuthorDate: 2020-12-05 13:32:54 +0000
>> Commit: Kristof Provost <kp@FreeBSD.org>
>> CommitDate: 2021-01-05 22:35:36 +0000
>>
>> pf: Split pf_rule into kernel and user space versions
>>
>> No functional change intended.
>>
>> MFC after: 2 weeks
>> Sponsored by: Orange Business Services
>> Differential Revision: https://reviews.freebsd.org/D27758
>
> Key Kristof,
>
> This commit breaks the security/expiretable port. Specifically, the
> guarding of the pf_state struct, which expiretable uses directly.
>

Yeah, it’s come up before:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253547

Tl;dr: The expiretable port used a struct it should not have been using.
That part of the code never[*] worked, but it’s not actually used anyway.
Renato has a patch to fix the port by simply deleting the offending code.

Best regards,
Kristof

[*] Not in recent memory anyway. At least since 2012. That’s when the pf
code was moved around in the tree and I’ve not dug further to see when
this started to be wrong.
