Date: Sun, 27 Mar 2011 00:34:52 +0100 From: Remko Lodder <remko@elvandar.org> To: "Eugene M. Zheganin" <eugene@zhegan.in> Cc: freebsd-pf@FreeBSD.org Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with ipv6 Message-ID: <CCCE14D8-50BB-43FA-BB26-78CC387D5E68@elvandar.org> In-Reply-To: <201103262000.p2QK0KSG019628@freefall.freebsd.org> References: <201103262000.p2QK0KSG019628@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Eugene, On Mar 26, 2011, at 9:00 PM, Eugene M. Zheganin wrote: > The following reply was made to PR kern/155945; it has been noted by = GNATS. >=20 > From: "Eugene M. Zheganin" <eugene@zhegan.in> > To: bug-followup@FreeBSD.org > Cc: =20 > Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with = ipv6 > Date: Sun, 27 Mar 2011 00:12:22 +0500 >=20 > Yes, I does. > Thank you. You are welcome ofcourse! >=20 > So, does this mean it's not a bug ? No, it's not a bug. > To be honest, I fugured out this solution by myself a few hours = earlier. :-) good work then! > In my defense I should say that <af> is referenced in pf.conf manual=20= > page only 2 times (for the whole article) and it's quite difficult to=20= > fugure out that thing by myself. Earlier I encountered similar problem=20= > with ipfw, which was even weirder (you have to put proto ipv6 at the = end=20 > of the rule, where it means 'inner proto', but not at the beginning of=20= > the rule, where it means something different). I dont know IPFW, but I do understand PF a fair bit. Most recently (in = the last few days) I added a SIXXS.net tunnel to my PFsense box, and well it needs IPV6 = connectivity through PF.. so I was kinda cheating because I knew what meant what ;) >=20 > I think at least documentation should be made more clear. If it is not clear enough it might be an idea to get it more clear. The = problem on our end is that it's contributed code, from OpenBSD (by Daniel Hartmeier) and that = if we are to modify it locally, we potentially generate a lot of fuzz when someone imports a = newer version, which is what Ermal is currently doing (with Bjoern if I can recall = correctly). So, we need to get this upstream if it is really unclear/needed. Are there others that confirm this? >=20 > Sorry for your time; thanks for the answer. No problem, my time wasn't wasted, because it helped you! That's the = great thing about the community, as long as it helps people, we don't mind :-) Cheers REmko >=20 > Eugene. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=20 --=20 /"\ Best regards, | remko@FreeBSD.org \ / Remko Lodder | X http://www.evilcoder.org/ | Quis custodiet ipsos custodes / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CCCE14D8-50BB-43FA-BB26-78CC387D5E68>