Date:      Thu, 29 Apr 2021 17:18:59 +0200
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        "Shawn Webb" <shawn.webb@hardenedbsd.org>
Cc:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   Re: git: e86bddea9fe6 - main - pf: Split pf_rule into kernel and user space versions
Message-ID:  <3FE30BC8-EA8D-40E9-9D51-2906A6561B50@FreeBSD.org>
In-Reply-To: <20210429151414.iao5i7hjmmztfos6@mutt-hbsd>
References:  <202101052237.105MbsJW081542@gitrepo.freebsd.org> <20210429151414.iao5i7hjmmztfos6@mutt-hbsd>

On 29 Apr 2021, at 17:14, Shawn Webb wrote:
> On Tue, Jan 05, 2021 at 10:37:54PM +0000, Kristof Provost wrote:
>> The branch main has been updated by kp:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=e86bddea9fe62d5093a1942cf21950b3c5ca62e5
>>
>> commit e86bddea9fe62d5093a1942cf21950b3c5ca62e5
>> Author:     Kristof Provost <kp@FreeBSD.org>
>> AuthorDate: 2020-12-05 13:32:54 +0000
>> Commit:     Kristof Provost <kp@FreeBSD.org>
>> CommitDate: 2021-01-05 22:35:36 +0000
>>
>>     pf: Split pf_rule into kernel and user space versions
>>
>>     No functional change intended.
>>
>>     MFC after:      2 weeks
>>     Sponsored by:   Orange Business Services
>>     Differential Revision:  https://reviews.freebsd.org/D27758
>
> Hey Kristof,
>
> This commit breaks the security/expiretable port. Specifically, the
> guarding of the pf_state struct, which expiretable uses directly.
>
Yeah, it’s come up before:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253547

Tl;dr: The expiretable port used a struct it should not have been using.
That part of the code never[*] worked, but it’s not actually used
anyway. Renato has a patch to fix the port by simply deleting the
offending code.

Best regards,
Kristof

[*] Not in recent memory anyway. At least since 2012. That’s when the pf
code was moved around in the tree and I’ve not dug further to see when
this started to be wrong.


