From: Max Laier <max@love2party.net>
To: James Quick
Cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Patch for :broadcast expansion.
Date: Thu, 2 Oct 2003 14:41:54 +0200
Message-ID: <579322675.20031002144154@love2party.net>
List: pf4freebsd@freelists.org (archived to freebsd-pf@freebsd.org on Thu, 16 Sep 2004)

Hello James,

Thursday, October 2, 2003, 12:51:38 AM, you wrote:

JQ> The expansion of ifname:broadcast, is not useful on systems such as
JQ> jail hosts which have multiple addresses on the same network aliased
JQ> to the interface, ....

This is 100% correct. These macros - same applies to ":network" - are for plain, default setups. If it comes to aliases or other tricky things it's the administrator's task to take care of. That said, you may already see why your patch isn't appropriate for everybody.

JQ> ... since in that case the broadcast macro expands to the not only
JQ> the broadcast address but also the addresses of each of the aliased
JQ> host addresses.

Now this is only partly true. The macro expands to all _broadcast_ addresses of the given interface. The /problem/ is that every alias gets its own broadcast address, which is a sane choice when one wants aliases in different nets (with different broadcast addresses).

Your patch does catch one of many exceptions, but it is not a general solution for all problems with aliases or the ":broadcast" macro in general. There might be situations where you narrow the broadcast address for a given interface to /32. Your patch will then expand to nothing, which is hardly wanted. That is why I doubt it will make its way into pf. You can however try to convince Daniel & co. to adopt it (we try not to fork from OpenBSD's behaviour).

Note that the same issues apply to the ":network" macros! Both are for the plain default, not for every configuration one can think of.

-- 
Best regards,
Max mailto:max@love2party.net
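The expansion behaviour discussed in this thread, as an added illustration that is not code from the list or from pf itself: it models an interface's addresses as (address, netmask) pairs, derives each one's broadcast the way the kernel fills ifa_broadaddr (address | ~netmask, an assumption of this model), and compares the unpatched per-alias expansion with a hypothetical "skip host masks" filter, which is one reading of the proposed patch and empties out when the only address carries a /32 mask.

```python
import ipaddress

# Constructed sample, not from the thread: a jail host's interface with its
# primary address plus two aliases on the same network, configured BSD-style
# with a 255.255.255.255 netmask.
JAIL_HOST_ADDRS = [
    ("192.0.2.10", "255.255.255.0"),
    ("192.0.2.11", "255.255.255.255"),
    ("192.0.2.12", "255.255.255.255"),
]

HOST_MASK = "255.255.255.255"


def broadcast_of(addr, mask):
    """Broadcast as the kernel derives it per address: addr | ~mask (model assumption)."""
    net = ipaddress.IPv4Network((addr, mask), strict=False)
    return str(net.broadcast_address)


def network_of(addr, mask):
    """Network address per configured address; a /32 alias yields itself."""
    net = ipaddress.IPv4Network((addr, mask), strict=False)
    return str(net.network_address)


def expand_broadcast(addrs):
    """Model of the plain ifname:broadcast expansion: one broadcast per address.
    With /32 aliases this is the list James observed: the real broadcast plus
    every aliased host address."""
    return [broadcast_of(a, m) for a, m in addrs]


def expand_network(addrs):
    """Model of ifname:network, showing the same per-alias effect."""
    return [network_of(a, m) for a, m in addrs]


def expand_broadcast_skipping_host_masks(addrs):
    """Hypothetical filter (one reading of the patch): drop /32 entries.
    Max's objection: an interface whose only address is narrowed to /32
    then expands to nothing at all."""
    return [broadcast_of(a, m) for a, m in addrs if m != HOST_MASK]


if __name__ == "__main__":
    print("broadcast:", expand_broadcast(JAIL_HOST_ADDRS))
    print("network:  ", expand_network(JAIL_HOST_ADDRS))
    print("filtered: ", expand_broadcast_skipping_host_masks(JAIL_HOST_ADDRS))
    print("/32 only: ", expand_broadcast_skipping_host_masks([("198.51.100.1", HOST_MASK)]))
```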