>Number: 6416
>Category: kernel
>Synopsis: pf 'pass from route "foo"' broken
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jun 29 21:50:02 GMT 2010
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.7
Details : OpenBSD 4.7 (GENERIC.MP) #437: Fri Mar 5 07:32:33 MST
2010
[email protected]:/sys/arch/i386/compile/GENERIC.MP
Architecture: OpenBSD.i386
Machine : i386
>Description:
Specifying route labels in PF rules doesn't work.
>How-To-Repeat:
# printf 'pass\n pass log from route "foo"\n pass log to route "bar"\n' | pfctl
-vf -
pass all flags S/SA keep state
pass log from route "foo" to any flags S/SA keep state
pass log from any to route "bar" flags S/SA keep state
but the kernel doesn't act upon the labels, and retrieving the
ruleset results in junk:
# pfctl -sr | cat -v
pass all flags S/SA keep state
pass log from route "^C" to any flags S/SA keep state
pass log from any to route "^E" flags S/SA keep state
>Fix:
Fix not known. Problem was introduced in pf_pool removal
(2010/01/12 03:20:51).
Already discussed with various people; adding a PR to make sure
it doesn't get lost.
>Release-Note:
>Audit-Trail:
>Unformatted:
