From: Tom Uffner
Date: Thu, 05 Nov 2015 10:26:02 -0500
To: Kristof Provost
CC: FreeBSD-Current
Subject: Re: r289932 causes pf reversion - breaks rules with broadcast destination

Kristof Provost wrote:
> On 2015-11-04 20:31:35 (-0500), Tom Uffner wrote:
>> Commit r289932 causes pf rules with broadcast destinations (and some but not
>> all rules after them in pf.conf) to be silently ignored. This is bad.
> What version did you test exactly?
>
> There was an issue with r289932 that was fixed in r289940, so if you're
> in between those two can you test with something after r289940?

Thanks for your response. r289940 does not fix the problem that I am seeing.

I first discovered it when I updated a -current system (from Jun 30, don't know the exact rev) to r290174 on Oct 30. After finding that many of my net services no longer worked, I isolated rules w/ broadcast addresses as the specific cause of the problem.

Then I looked up every commit that touched sys/netpfil/pf from 6/30 to 10/30 and tested a kernel from before & after each one. When r290160 unexpectedly failed, I looked a little deeper and came up with sys/net/pfvars.h and r289932.

As I said, I don't know why this change causes a problem (and don't really have time to figure it out at the moment). I just know that <=r289931 works, and that r289932 and greater do not.

thanks,
tom