Date: Sun, 27 Mar 2011 00:34:52 +0100 From: Remko Lodder <remko@elvandar.org> To: "Eugene M. Zheganin" <eugene@zhegan.in> Cc: freebsd-pf@FreeBSD.org Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with ipv6 Message-ID: <CCCE14D8-50BB-43FA-BB26-78CC387D5E68@elvandar.org> In-Reply-To: <201103262000.p2QK0KSG019628@freefall.freebsd.org> References: <201103262000.p2QK0KSG019628@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Eugene, On Mar 26, 2011, at 9:00 PM, Eugene M. Zheganin wrote: > The following reply was made to PR kern/155945; it has been noted by GNATS. > > From: "Eugene M. Zheganin" <eugene@zhegan.in> > To: bug-followup@FreeBSD.org > Cc: > Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with ipv6 > Date: Sun, 27 Mar 2011 00:12:22 +0500 > > Yes, I does. > Thank you. You are welcome ofcourse! > > So, does this mean it's not a bug ? No, it's not a bug. > To be honest, I fugured out this solution by myself a few hours earlier. :-) good work then! > In my defense I should say that <af> is referenced in pf.conf manual > page only 2 times (for the whole article) and it's quite difficult to > fugure out that thing by myself. Earlier I encountered similar problem > with ipfw, which was even weirder (you have to put proto ipv6 at the end > of the rule, where it means 'inner proto', but not at the beginning of > the rule, where it means something different). I dont know IPFW, but I do understand PF a fair bit. Most recently (in the last few days) I added a SIXXS.net tunnel to my PFsense box, and well it needs IPV6 connectivity through PF.. so I was kinda cheating because I knew what meant what ;) > > I think at least documentation should be made more clear. If it is not clear enough it might be an idea to get it more clear. The problem on our end is that it's contributed code, from OpenBSD (by Daniel Hartmeier) and that if we are to modify it locally, we potentially generate a lot of fuzz when someone imports a newer version, which is what Ermal is currently doing (with Bjoern if I can recall correctly). So, we need to get this upstream if it is really unclear/needed. Are there others that confirm this? > > Sorry for your time; thanks for the answer. No problem, my time wasn't wasted, because it helped you! That's the great thing about the community, as long as it helps people, we don't mind :-) Cheers REmko > > Eugene. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- /"\ Best regards, | remko@FreeBSD.org \ / Remko Lodder | X http://www.evilcoder.org/ | Quis custodiet ipsos custodes / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CCCE14D8-50BB-43FA-BB26-78CC387D5E68>