From: Victor Sudakov
To: freebsd-pf@freebsd.org
Date: Tue, 3 Dec 2019 16:15:12 +0700
Subject: Re: pf's states
Message-ID: <20191203091512.GD40372@admin.sibptus.ru>

Dave Cottlehuber wrote:

> TLDR add log to the rules, then start pflog, use wireshark or tcpdump
> on the pflog interface and you can see exactly which rule is applied
> to that packet.

It's not that the wrong rules are being applied, there are 2-3 rules in
total in the whole lab, they are easy to monitor with rule counters.

It's the state being created from the rules that confuses me. And the
state is visible in "pfctl -s states".

The problem is that either I'm confused about how pf state works, or the
documentation is misleading/incomplete.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/