Date:      Fri, 6 Nov 2015 17:41:22 +0100
From:      Florian Smeets <flo@smeets.xyz>
To:        Kristof Provost <kp@FreeBSD.org>, Tom Uffner <tom@uffner.com>
Cc:        FreeBSD-Current <freebsd-current@FreeBSD.org>
Subject:   Re: r289932 causes pf reversion - breaks rules with broadcast destination
Message-ID:  <563CD832.4000502@smeets.xyz>
In-Reply-To: <20151106160610.GB2336@vega.codepro.be>
References:  <563AB177.6030809@uffner.com> <563B944A.50905@uffner.com> <20151106160610.GB2336@vega.codepro.be>

On 06.11.15 17:06, Kristof Provost wrote:
> I suspect I've also found the source of the problem:
> pf_addr_wrap_neq() uses PF_ANEQ(), but sets address family 0.
> As a result of the fix that now means we always return false there.
>
> Can you give this a quick test:
>
> diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
> index 1dfc37d..762b82e 100644
> --- a/sys/netpfil/pf/pf.c
> +++ b/sys/netpfil/pf/pf.c
> @@ -1973,9 +1973,9 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw1, struct=
 pf_addr_wrap *aw2)
>         switch (aw1->type) {
>         case PF_ADDR_ADDRMASK:
>         case PF_ADDR_RANGE:
> -               if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, 0))
> +               if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, AF_INET6))
>                         return (1);
> -               if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, 0))
> +               if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, AF_INET6))
>                         return (1);
>                 return (0);
>         case PF_ADDR_DYNIFTL:
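
Review bot: both changed PF_ANEQ() calls pass a literal AF_INET6 with no comment, and pf_addr_wrap_neq() receives only the two struct pf_addr_wrap pointers, so a reader cannot tell from the code whether the wrapped addresses are actually IPv6 or whether the constant is there to force a comparison of the whole address. If it is the latter, add a short comment above the first call saying that no address family is available here and AF_INET6 is passed to compare the full structure. It is also worth confirming that IPv4 entries keep the unused bytes of v.a.addr and v.a.mask zeroed, otherwise two equal IPv4 wraps could compare as different.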

I was affected by this, too. The patch above does indeed make my rule
set work again.

Thanks!
Florian

