>Synopsis: Bug using 'pfctl -K' to kill source tracking entries for specific source/destination couples
>Category: system
>Environment:
System : OpenBSD 7.4
Details : OpenBSD 7.4 (GENERIC.MP) #0: Sun Oct 22 12:13:42 MDT 2023
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
'pfctl -K key' allows killing all source tracking entries for
specific sources or for all sources.
Repeating the '-K key' could allow deleting those entries for the
specific destination following the second -K option.
Looking at the source code (sbin/pfctl/pfctl.c), I found in
pfctl_kill_src_nodes() that the destination address is not
copied into the 'psnk_dst' of the 'struct psnk' but into the 'psnk_src'
(maybe a typo?).
>Fix:
I would just suggest changing the address given to
'copy_satopfaddr' from the source to the destination,
as I did in the following lines.
--- src/sbin/pfctl/pfctl.c 2024-01-25 07:32:49.837429476 +0100
+++ pfctl.c 2024-01-29 18:20:52.271923562 +0100
@@ -514,7 +514,7 @@ pfctl_kill_src_nodes(int dev, int opts)
dests++;
-
copy_satopfaddr(&psnk.psnk_src.addr.v.a.addr,
+
copy_satopfaddr(&psnk.psnk_dst.addr.v.a.addr,
resp[1]->ai_addr);
if (ioctl(dev, DIOCKILLSRCNODES,
&psnk) == -1)
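Review bot: The change is consistent with the call site: resp[1] is the address resolved from the second -K argument, i.e. the destination, so writing it into psnk.psnk_dst.addr.v.a.addr is the right target, and the removed line would instead have overwritten psnk_src.addr with that second address, so the DIOCKILLSRCNODES ioctl that follows matched entries keyed on the destination address as a source rather than on the source/destination pair. One thing to confirm outside this hunk, since it is not visible here: that psnk.psnk_dst.addr.v.a.mask is initialised for the destination's address family the same way the source mask is, otherwise the now-correct psnk_dst address may still match too broadly or not at all. The report description would also benefit from stating the observable effect (which entries '-K src -K dst' killed before the fix) so the change can be verified with 'pfctl -s sources' before and after.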
Best regards,
Olivier.