From owner-freebsd-pf@FreeBSD.ORG Sat Mar 26 23:34:55 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9187F106566C for ; Sat, 26 Mar 2011 23:34:55 +0000 (UTC) (envelope-from remko@elvandar.org) Received: from mailgate.jr-hosting.nl (mailgate.jr-hosting.nl [IPv6:2a01:4f8:63:1281::3]) by mx1.freebsd.org (Postfix) with ESMTP id 33F568FC13 for ; Sat, 26 Mar 2011 23:34:55 +0000 (UTC) Received: from [10.0.2.10] (46-129-9-181.dynamic.upc.nl [46.129.9.181]) by mailgate.jr-hosting.nl (Postfix) with ESMTPSA id 8EBDB1CC28; Sun, 27 Mar 2011 00:34:53 +0100 (CET) Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: Remko Lodder In-Reply-To: <201103262000.p2QK0KSG019628@freefall.freebsd.org> Date: Sun, 27 Mar 2011 00:34:52 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: References: <201103262000.p2QK0KSG019628@freefall.freebsd.org> To: "Eugene M. Zheganin" X-Mailer: Apple Mail (2.1084) Cc: freebsd-pf@FreeBSD.org Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with ipv6 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Mar 2011 23:34:55 -0000 Dear Eugene, On Mar 26, 2011, at 9:00 PM, Eugene M. Zheganin wrote: > The following reply was made to PR kern/155945; it has been noted by = GNATS. >=20 > From: "Eugene M. Zheganin" > To: bug-followup@FreeBSD.org > Cc: =20 > Subject: Re: kern/155945: [pf] [ip6] pf match engine is broken with = ipv6 > Date: Sun, 27 Mar 2011 00:12:22 +0500 >=20 > Yes, I does. > Thank you. You are welcome ofcourse! >=20 > So, does this mean it's not a bug ? No, it's not a bug. > To be honest, I fugured out this solution by myself a few hours = earlier. :-) good work then! > In my defense I should say that is referenced in pf.conf manual=20= > page only 2 times (for the whole article) and it's quite difficult to=20= > fugure out that thing by myself. Earlier I encountered similar problem=20= > with ipfw, which was even weirder (you have to put proto ipv6 at the = end=20 > of the rule, where it means 'inner proto', but not at the beginning of=20= > the rule, where it means something different). I dont know IPFW, but I do understand PF a fair bit. Most recently (in = the last few days) I added a SIXXS.net tunnel to my PFsense box, and well it needs IPV6 = connectivity through PF.. so I was kinda cheating because I knew what meant what ;) >=20 > I think at least documentation should be made more clear. If it is not clear enough it might be an idea to get it more clear. The = problem on our end is that it's contributed code, from OpenBSD (by Daniel Hartmeier) and that = if we are to modify it locally, we potentially generate a lot of fuzz when someone imports a = newer version, which is what Ermal is currently doing (with Bjoern if I can recall = correctly). So, we need to get this upstream if it is really unclear/needed. Are there others that confirm this? >=20 > Sorry for your time; thanks for the answer. No problem, my time wasn't wasted, because it helped you! That's the = great thing about the community, as long as it helps people, we don't mind :-) Cheers REmko >=20 > Eugene. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=20 --=20 /"\ Best regards, | remko@FreeBSD.org \ / Remko Lodder | X http://www.evilcoder.org/ | Quis custodiet ipsos custodes / \ ASCII Ribbon Campaign | Against HTML Mail and News