From owner-freebsd-rc@FreeBSD.ORG Tue Apr 10 13:38:50 2007
Date: Tue, 10 Apr 2007 16:27:20 +0300
From: Giorgos Keramidas To: freebsd-rc@freebsd.org Message-ID: <20070410132720.GA6832@kobe.laptop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.79, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.61, BAYES_00 -2.60) X-Hellug-MailScanner-From: keramida@freebsd.org X-Spam-Status: No Subject: [REVIEW] conf/111225 bug fix X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2007 13:38:50 -0000 Hi all, Does the following patch look like a good fix for bug conf/111225? %%% diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -151,6 +151,7 @@ pflog_flags="" # additional flags for pflog_flags="" # additional flags for pflogd pfsync_enable="NO" # Expose pf state to other hosts for syncing pfsync_syncdev="" # Interface for pfsync to work through +pfsync_syncpeer="" # IP address of pfsync peer host pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions. log_in_vain="0" # >=1 to log connects to ports w/o listeners. diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync --- a/etc/rc.d/pfsync +++ b/etc/rc.d/pfsync @@ -36,8 +36,13 @@ pfsync_prestart() pfsync_start() { + local _syncpeer + echo "Enabling pfsync." - ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up + if [ -n "${pfsync_syncpeer}" ]; then + _syncpeer="syncpeer ${pfsync_syncpeer}" + fi + ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up } pfsync_stop() diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 
@@ -855,6 +855,26 @@ It must be set accordingly if .Va pfsync_enable is set to .Dq Li YES . +.It Va pfsync_syncpeer +.Pq Vt str +Empty by default. +This variable is optional. +By default, state change messages are sent out on the synchronisation +interface using IP multicast packets. +The protocol is IP protocol 240, PFSYNC, and the multicast group used is +224.0.0.240. +When a peer address is specified using the +.Va pfsync_syncpeer +option, the peer address is used as a destination for the pfsync +traffic, and the traffic can then be protected using +.Xr ipsec 4 . +See the +.Xr pfsync 4 +manpage for more details about using +.Xr ipsec 4 +with +.Xr pfsync 4 +interfaces. .It Va pfsync_ifconfig .Pq Vt str Empty by default. %%% Giorgos Keramidas FreeBSD: The Power to Serve keramida@FreeBSD.org http://www.FreeBSD.org/
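Review bot: in the etc/defaults/rc.conf hunk the comment on the new `pfsync_syncpeer=""` line does not say that the variable is optional or what happens when it stays empty (multicast on the sync interface, as the rc.conf.5 hunk explains); the defaults file is the first place an administrator looks, so `# IP address of pfsync peer host (empty: use multicast)` would keep it in step with the manual page.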
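Review bot: in the etc/rc.d/pfsync hunk the new `$_syncpeer` is deliberately left unquoted so that it expands to either nothing or the two words `syncpeer <addr>`; that is the right mechanism, but it deserves a one-line comment, because an unquoted expansion is exactly what the next reader or a shell linter will flag. The value is never checked: `pfsync_syncpeer` is root-controlled configuration, so this is not an injection concern, but anything containing whitespace is split and handed to ifconfig(8) as extra arguments. A small guard in `pfsync_prestart()` (the function named in the hunk header) that rejects a value with more than one word would turn a confusing ifconfig error into a clear one. Pre-existing, but visible in the same line: with `pfsync_syncdev` empty the command degenerates to `ifconfig pfsync0 syncdev up`, so the same prestart check could require `pfsync_syncdev` to be set.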
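Review bot: the share/man/man5/rc.conf.5 hunk restates protocol internals (IP protocol 240, multicast group 224.0.0.240) that belong to pfsync(4) and will silently go stale if they change; rc.conf.5 only needs to say that an empty value means multicast on `pfsync_syncdev`, that a peer address switches to unicast to that host, and that unicast is what makes ipsec(4) protection possible, pointing at pfsync(4) for the rest. It would also help to state plainly that setting `pfsync_syncpeer` by itself does not protect anything: state messages still travel unauthenticated and in the clear until ipsec(4) is configured, which the current "can then be protected" wording only implies.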