Date: Thu, 05 Nov 2015 10:26:02 -0500
From: Tom Uffner <tom@uffner.com>
To: Kristof Provost <kp@FreeBSD.org>
Cc: FreeBSD-Current <freebsd-current@FreeBSD.org>
Subject: Re: r289932 causes pf reversion - breaks rules with broadcast destination
Message-ID: <563B750A.4000004@uffner.com>
In-Reply-To: <20151105111759.GA2336@vega.codepro.be>
References: <563AB177.6030809@uffner.com> <20151105111759.GA2336@vega.codepro.be>

Kristof Provost wrote:
> On 2015-11-04 20:31:35 (-0500), Tom Uffner <tom@uffner.com> wrote:
>> Commit r289932 causes pf rules with broadcast destinations (and some but not
>> all rules after them in pf.conf) to be silently ignored. This is bad.
> What version did you test exactly?
>
> There was an issue with r289932 that was fixed in r289940, so if you're
> in between those two can you test with something after r289940?

Thanks for your response. r289940 does not fix the problem that I am seeing.

I first discovered it when I updated a -current system (from Jun 30, don't
know the exact rev) to r290174 on Oct 30. After finding that many of my net
services no longer worked, I isolated rules w/ broadcast addresses as the
specific cause of the problem.

Then I looked up every commit that touched sys/netpfil/pf from 6/30 to 10/30
and tested a kernel from before & after each one. When r290160 unexpectedly
failed, I looked a little deeper and came up with sys/net/pfvars.h and r289932.

As I said, I don't know why this change causes a problem (and don't really
have time to figure it out at the moment). I just know that <=r289931 works,
and that r289932 and greater do not.

thanks,
tom